Question

My Amazon RDS MySQL database is configured to be accessed via SSL.

Using the public key stored at https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem and PHP, I can successfully connect from my dev machine to MySQL. Using the same .PEM file I can also use MySQL Workbench to connect successfully.

Now I am trying to do the same from .NET. The certificates in the PEM format are not supported on Windows. I've tried to follow several resources on the Internet to generate a PFX file with OpenSSL but without luck.

I also tried to use this SSL converter to export to the PFX format. The online tool asks for a private key which I do not have. I do not understand why a private key is needed as long as PHP safely connects via SSL without requiring any extra key.

So my question is: what are the correct steps to convert Amazon's certificate to a PKCS#12/PFX format usable from .NET?

Thank you.


Solution

I think (and this post backs it up) that you should not need to specify the public key with Connector/NET to require SSL. This should work:

"Server=SERVER;Database=test;Uid=UID;Pwd=PASSWORD;SSL Mode=Required;" 

Specifying the public key is only needed to ensure that the server you are making the SSL connection to is the one with the corresponding private key. Otherwise, with none specified, it will carry out a standard SSL handshake with whatever certificate the server in your connection string presents.

So you still get an encrypted connection, but you do not additionally verify that the server you are connecting to is one you previously installed the public key for.

If you still need to do this, you can try loading the PEM file with BouncyCastle.
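
The distinction drawn in the answer above, as an added C# example (not part of the original post; it targets .NET 5 or later): a PEM CA bundle contains only public certificates, so it loads with no private key, and checking the server's chain against it is the verification that `SSL Mode=Required` on its own does not perform. The CA and server certificates are constructed in code as stand-ins for the RDS bundle and the database server, and every class and method name here is illustrative.

```csharp
// Added example, not from the original post. Certificates are constructed test data.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
static class PinnedCaDemo
{
    // Load every CERTIFICATE block from a PEM bundle; only public data is read.
    static X509Certificate2Collection LoadPemBundle(string pem)
    {
        var roots = new X509Certificate2Collection();
        foreach (Match m in Regex.Matches(pem,
                 "-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", RegexOptions.Singleline))
            roots.Add(new X509Certificate2(Convert.FromBase64String(m.Groups[1].Value)));
        return roots;
    }

    // True only if the presented certificate chains to one of the pinned roots.
    static bool ChainsToPinnedCa(X509Certificate2 presented, X509Certificate2Collection roots)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;   // ignore the machine trust store
        chain.ChainPolicy.CustomTrustStore.AddRange(roots);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;      // constructed certs publish no CRL
        return chain.Build(presented);
    }

    // Constructed test data: a throwaway CA and a server certificate it signs.
    static X509Certificate2 MakeCa(string cn)
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-2), DateTimeOffset.UtcNow.AddDays(30));
    }
    static X509Certificate2 MakeServerCert(X509Certificate2 ca)
    {
        var req = new CertificateRequest("CN=db.example.test", RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.Create(ca, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(7), new byte[] { 0x01, 0x02, 0x03, 0x04 });
    }
    static void Main()
    {
        var ca = MakeCa("Constructed Test CA");
        string pem = new string(PemEncoding.Write("CERTIFICATE", ca.RawData)); // stands in for the downloaded .pem
        var roots = LoadPemBundle(pem);
        Console.WriteLine("pinned root has private key: " + roots[0].HasPrivateKey);
        Console.WriteLine("server signed by pinned CA:  " + ChainsToPinnedCa(MakeServerCert(ca), roots));
        Console.WriteLine("server signed by other CA:   " + ChainsToPinnedCa(MakeServerCert(MakeCa("Unrelated CA")), roots));
    }
}
```

In Connector/NET this kind of chain check is requested with the `VerifyCA` value of `SSL Mode` rather than `Required`.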

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow