How to create an encrypted connection to SQL Server from Ubuntu using PHP / PDO

Question

How to create an encrypted connection to SQL Server from Ubuntu using PHP / PDO

I am trying to connect to SQL Server from a PHP / Zend Framework application running on Ubuntu and in a remote location.

I am trying to get the connecting application to request encryption with SQL Server (since the default connection at 1433 is explicit and I do not want my credentials to be sniffed).

I configured the SSL substitution certificate on SQL Server and I am creating a PDO connection with the following DSN:

dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=false;charset=

Taken from http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx

Since the host name does not match the installed certificate, I expect the connection to fail - but this will not work.

+7

php sql-server pdo ubuntu

Horuskol May 04 '15 at 7:03

source share

3 answers

Peter Darmis · Answer 1 · 2017-02-12T14:37:42+0000

Could it be that Encrypt=true;TrustServerCertificate are not considered at all? Not being an expert on this, check out the PHP documentation regarding PDO_DBLIB DSN . As recorded, there is a special parameter in the DSN that is called secure and is not currently in use. I'm not sure if this should be the right way to declare that you want to have a secure connection in this DSN, and this is also not entirely useful, as it is marked as unused .

Also do the following

In php.ini, make sure the following is set: mssql.secure_connection = On

See if it is better to connect through PDO_ODBC to what you want to achieve. To connect via PDO_ODBC check this example.

Mohit_ · Answer 2 · 2017-02-13T18:22:27+0000

try setting AES ENCRYPTION CERTIFICATE, this is the best I used to protect credentials from sniffing

 dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=true;charset=utf8

make the default value true for ssl crtificate in the php.ini file and then process using AES

Prasad paranjape · Answer 3 · 2017-02-10T14:15:52+0000

This is more complicated than just setting a flag.

Share this blog: http://www.madirish.net/214

You will need to create or install the ssl certificate on the mysql server.
in my.cnf make the following settings:
SSL ca = / etc. /SSL/MySQL/server.csr
SSL certificate = / etc. /SSL/MySQL/server.cert
ssl-key = / etc / ssl / mysql / server.key
restart mysql: mysqld restart
Creating Client Keys
Send these keys along with your username and password.

After the answers in stackoverflow explain in detail:

Connecting to a remote MySQL server using SSL with PHP

SSL connections to MySQL

Hope this helps.

How to create an encrypted connection to SQL Server from Ubuntu using PHP / PDO

More articles: