Encrypted MySQL Connection Support - Share Your Experience

[WHMCS John]

Hi testers!

With WHMCS 8.8 you now have the option of using an encrypted MySQL connection. For more information see our Enabling Encrypted MySQL Connections guide and updated System Environment documentation.

During the pre-release testing we want to hear about your experiences with this feature.  Some potential starting points for discussion are:

• Have you used Encrypted MySQL Connections with other PHP + MySQL apps before? If so, which?
• How does the configuration options in WHMCS compare with other apps?
• Did you encounter any problems configuring the feature?
• Is our documentation clear and easy to follow?

In addition to resolving any errors which might occur, understanding any pain points is of particular interest to us. Your input will help us tweak messaging in the product or documentation and publish support articles.

Please submit your feedback by reply to this thread. Thanks for your help in the pre-release testing!

[slim]

Your documentation is lacking. I was going to have a go at the encrypted connections after install - and immediately hit a roadblock. The configuration file needs editing and you don't explain how to find or obtain any of the information required.

$db_tls_ca='/path/to/ca/file';
$db_tls_ca_path='/path/to/ca/directory';
$db_tls_cert='/path/to/client/cert';
$db_tls_cipher='AES256-SHA';
$db_tls_key='/path/to/client/key';
$db_tls_verify_cert='0';

What CA? what Cert? what key?

Do we need to generate one, if so where and how?

[WHMCS John]

Hi @slim,

Thanks for your feedback. To give us some context, have you used encrypted database connections with another MySQL app prior to this?

If so, can you share some examples of the documentation that provided which made the setup process more straightforward for you?

 

We have some further descriptions of these settings at https://docs.whmcs.com/System_Environment_Guide#Encrypted_Database_Connections

There's also (very verbose) information on using encrypted database connections in the MySQL documentation at https://dev.mysql.com/doc/refman/8.0/en/using-encrypted-connections.html and further definitions of the variables at https://dev.mysql.com/doc/refman/8.0/en/server-status-variables.html#statvar_Current_tls_ca

Does any of those resources provide the information you need to proceed?

[slim]

Hi John

To answer your question - I've not used an encrypted DB connection before, so I can't share any documentation as such. I was hoping, given that your company essentially creates our entire stack (cPanel/WHMCS) that you could provide the steps required.

 

[WHMCS John]

Hi @slim,

Thanks for that context, it's most helpful.

I located the following cPanel KB article which describes how to configure these variables in your MySQL server configuration: https://docs.cpanel.net/knowledge-base/security/how-to-configure-mysql-ssl-connections/

The article uses variables with an ssl- prefix:

ssl-ca
ssl_capath
ssl-cert
ssl-cipher
ssl-key

These are analogous with the new configuration variables you should add to WHMCS' configuration.php file:

• db_tls_ca
• db_tls_ca_path
• db_tls_cert
• db_tls_cipher
• db_tls_key

Please let me know if referring to that kind of MySQL configuration documentation is helpful to enable you to use this feature.

[slim]

Thanks John - Yes, that documentation appears to be useful - I would recommend you link to that in your docs.

[WHMCS John]

Hi @slim,

Great to hear. We've added those links to the documentation.