5

While trying to learn about aws services, I'm trying to connect to RDS instance from my ec2 instance using certificate.

I'm using this command to connect -

mysql -h <aws-account>.rdsinstance.<region>.rds.amazonaws.com --ssl-ca=rds-ca-2019-root.pem --ssl-mode=VERIFY_IDENTITY

But i get this error - mysql: unknown variable 'ssl-mode=VERIFY_IDENTITY'

I'm able to connect without certificate using this command: mysql -h .rdsinstance..rds.amazonaws.com -P 3306 -u admin -p

Has anyone seen this before? I searched around but couldn't find anything that would help me.

If you have any suggestions/solutions please let me know

MyMysql version: mysql --version mysql Ver 15.1 Distrib 5.5.68-MariaDB, for Linux (x86_64) using readline 5.1

Improve this question

1 Answer 1

Reset to default
4

Looks like mysql --help does not have --ssl-mode option. I removed it and was able to connect. (below is the command i used, just for reference)

mysql -h <aws-account>.rdsinstance.<region>.rds.amazonaws.com --ssl-ca=rds-ca-2019-root.pem -u <user> -P 33306 -p

in mysql firing >'status' command confirmed SSL is being used for connection.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It looks like --ssl-mode is missing from the final list at the bottom of the help output, but if you scroll up (or grep for it) it is listed higher up in the help content. It is also listed in the official documentation. The command you were using should have worked. I did find that this option may be missing from the mariadb mysql client.
As it is, you are connecting over SSL, but you aren't verifying the SSL certificate matches the RDS server hostname, so you aren't entirely eliminating any MitM attack potential.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.