SSL connection error when connecting to RDS MySQL from Django

Question

I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:

OperationalError at /path/
(2026, 'SSL connection error')

Here's the setup:

• Standard Django application
• MySQL RDS instance with security group allowing connections from all IP addresses
• MySQL user is setup to allow connections from any host
• Amazon's pem has been downloaded and is specified in Django settings

On Heroku:

DATABASE_URL: mysql2://username:password@instance.us-east-1.rds.amazonaws.com:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem

In Django settings:

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}`

I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.

Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?

Update:

Connecting via cli works as well as connecting directly using MySQLdb in the python interpreter.

Answer 1

Solved:

The path to the pem file has to be absolute and you can't use python to attempt to build the absolute path.

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}

Again, detecting the path like this does not work, the path must be hard coded:

DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}