6

I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:

OperationalError at /path/
(2026, 'SSL connection error')

Here's the setup:

  • Standard Django application
  • MySQL RDS instance with security group allowing connections from all IP addresses
  • MySQL user is setup to allow connections from any host
  • Amazon's pem has been downloaded and is specified in Django settings

On Heroku:

DATABASE_URL: mysql2://username:[email protected]:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem

In Django settings:

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}`

I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.

Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?

Update:

Connecting via cli works as well as connecting directly using MySQLdb in the python interpreter.

Improve this question
2
  • Googling around, a common error source appears to be mismatching CNs. Sadly, openssl's s_client doesn't work with mysql, otherwise you could easily debug this... can you connect via the mysql cli? Commented Dec 20, 2013 at 18:23
  • Yes, connecting via command line works fine. Commented Dec 20, 2013 at 18:32

1 Answer 1

Reset to default
9

Solved:

The path to the pem file has to be absolute and you can't use python to attempt to build the absolute path.

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}

Again, detecting the path like this does not work, the path must be hard coded:

DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I'm still getting a 1045 Error - what is this path relative to? The main (root) directory?
Yes, it needs to be the full path.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.