How to Connect via SSL / PEM files to MySQL? - Google Cloud


#1

I have a Google Cloud instance (managed MySql 5.7.14) I wish to connect to. It is setup to only allow SSL connections.

My key files are located in:
~/db/keys/server-ca.pem
~/db/keys/client-cert.pem
~/db/keys/client-key.pem

I have tried both following additional JDBC connection strings
sslca=’~/db/keys/server-ca.pem’;sslcert=’~/keys/client-cert.pem’;sslkey=’~/db/keys/client-key.pem’
and
ssl_ca=’~/db/keys/server-ca.pem’;ssl_cert=’~/keys/client-cert.pem’;ssl_key=’~/db/keys/client-key.pem’
to no avail

Addtl. info:

  • I don’t want to setup SSH tunneling. There is no tunnel to connect on the managed instance to and I don’t have a server available on the subnet.
  • I don’t want to setup a read-only, non SSL user. Db IP is exposed and I need security.
  • Running on a local Mac OS X instance (I’m giving Metabase a try).
  • I found an old forum post (oct 16) about this but no answer then.

#2

Hi, I am dealing with exactly same issue and would like to learn some workarounds.


#3

Here is my solution

Use Google SQL Proxy to connect your local computer to the SQL server - this do not require SSL keys since it is more high lever authorization.

This will expose your Google database locally on the localhost and standard port.
They you can connect Metabase without using SSL keys - just by username and password.

https://cloud.google.com/sql/docs/mysql/sql-proxy
https://console.cloud.google.com/apis/credentials

Cheers!