New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

phpMyAdmin can not connect to MySQL when user "REQUIRE SSL" #142

Closed
p1t3r opened this Issue Dec 13, 2017 · 9 comments

Comments

Projects
None yet
3 participants
@p1t3r

p1t3r commented Dec 13, 2017

I am trying to establish a connection to MySQL database using certificate. The MySQL server is running on the same host and is not dockerized.
User is configured for all hosts (%) with password and "require ssl" option. He has access SELECT to all databases.

When using mysql client:
$ mysql -utest0 -p --ssl-ca=./ca-cert.pem --ssl-cert=./public.pem --ssl-key=./private.pem -hsrvdb.com
either from the server itself or from an external host the connection is successful.
But when trying to connect through phpmyadmin I get an error:
" #1045 - Access denied for user 'test0'@'myhost.com' (using password: YES)"
On the other hand, if the option "require ssl" is not enabled the connection from phpmyadmin is successful.

Version of phpmyadmin: 4.7
Version of mysql: 5.5.58

Content of pma.yaml:

version: "3"

services:
  pma:
    image: phpmyadmin/phpmyadmin:4.7
    restart: unless-stopped
    volumes:
      - ./pma/etc/phpmyadmin:/etc/phpmyadmin
    environment:
      PMA_HOST: "srvdb.com"
    ports:
      - "8080:80"
    networks:
      - net0

networks:
  net0:
    driver: bridge

Content of /etc/phpmyadmin/config.user.inc.php:

<?php
/* Encrypted connection to DB */
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca-cert.pem';
$cfg['Servers'][$i]['ssl_cert'] = '/etc/phpmyadmin/public.pem';
$cfg['Servers'][$i]['ssl_key'] = '/etc/phpmyadmin/private.pem';
$cfg['Servers'][$i]['ssl_ciphers'] = 'DHE-RSA-AES256-SHA';
@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Dec 14, 2017

Member

The snippet you've posted for config.user.inc.php will not work as expected as the $i is already 2 here and you probably want to modify the first server block. Indeed it's a bit unexpected, so I'm going to fix this, as a workaround you can set $i = 1; at top of your config.user.inc.php.

Member

nijel commented Dec 14, 2017

The snippet you've posted for config.user.inc.php will not work as expected as the $i is already 2 here and you probably want to modify the first server block. Indeed it's a bit unexpected, so I'm going to fix this, as a workaround you can set $i = 1; at top of your config.user.inc.php.

@nijel nijel added the bug label Dec 14, 2017

@nijel nijel self-assigned this Dec 14, 2017

@nijel nijel closed this in 885eb78 Dec 14, 2017

@p1t3r

This comment has been minimized.

Show comment
Hide comment
@p1t3r

p1t3r Dec 15, 2017

Hi nijel,

thanks for quick response.

I get now this error:

phpmysql_err0

p1t3r commented Dec 15, 2017

Hi nijel,

thanks for quick response.

I get now this error:

phpmysql_err0

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Dec 15, 2017

Member

Maybe wrong permissions or format?

See https://stackoverflow.com/a/44975315/225718 for possible hints

Member

nijel commented Dec 15, 2017

Maybe wrong permissions or format?

See https://stackoverflow.com/a/44975315/225718 for possible hints

@p1t3r

This comment has been minimized.

Show comment
Hide comment
@p1t3r

p1t3r Dec 18, 2017

Thanks for the hint. I also thought it may be the case. The file permissions have been reproduced from another host where the connection was successful. Also the certificates has been imported from there. Unfortunately, we get the same result.

p1t3r commented Dec 18, 2017

Thanks for the hint. I also thought it may be the case. The file permissions have been reproduced from another host where the connection was successful. Also the certificates has been imported from there. Unfortunately, we get the same result.

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Dec 18, 2017

Member

It also might be failed validation (PHP is in this unfortunately too strict in many cases). Can you try disabling $cfg['Servers'][$i]['ssl_verify']?

Member

nijel commented Dec 18, 2017

It also might be failed validation (PHP is in this unfortunately too strict in many cases). Can you try disabling $cfg['Servers'][$i]['ssl_verify']?

@p1t3r

This comment has been minimized.

Show comment
Hide comment
@p1t3r

p1t3r Dec 18, 2017

Thanks for quick response. Unfortunately, it has not changed anything :(

p1t3r commented Dec 18, 2017

Thanks for quick response. Unfortunately, it has not changed anything :(

@nijel

This comment has been minimized.

Show comment
Hide comment
@nijel

nijel Dec 18, 2017

Member

Are you sure the permissions to read that file are correct? IMHO it must be permissions issue if the ssl verification is not the culprit here.

Member

nijel commented Dec 18, 2017

Are you sure the permissions to read that file are correct? IMHO it must be permissions issue if the ssl verification is not the culprit here.

@p1t3r

This comment has been minimized.

Show comment
Hide comment
@p1t3r

p1t3r Dec 19, 2017

I have used the default permissions (644) for all three *.pem files. I have also modified them, by making them either more or less restrictive. The owner of the files is 'root'.

p1t3r commented Dec 19, 2017

I have used the default permissions (644) for all three *.pem files. I have also modified them, by making them either more or less restrictive. The owner of the files is 'root'.

@alewkinr

This comment has been minimized.

Show comment
Hide comment
@alewkinr

alewkinr Jun 22, 2018

Is there any solution for that problem?
I have the same issue

alewkinr commented Jun 22, 2018

Is there any solution for that problem?
I have the same issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment