Configure Wordpress on Azure Cloud Service to connect to Azure MySQL over SSL

Question

We run Wordpress in a sub folder of our main .NET solution on a cloud service. We have moved our MySQL from CloudDB to Azure MySQL, however it will only connect if we set the "Enforce SSL Connection" to disabled.

The Wordpress wp-config.php has the following

define('DB_SSL', true);

I presume the issue is we need to pass a certificate, but it is not clear to me how we can set this in Wordpress so it is passed when connecting over SSL.

Answer 1

The solutions that work for me, add to wp-config.php:

PHP7.x

define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | 
MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT ); 
define( 'MYSQL_SSL_CA', getenv('MYSQL_SSL_CA'));

PHP5.x

define('MYSQL_CLIENT_FLAGS', MYSQL_CLIENT_SSL);
define( 'MYSQL_SSL_CA', getenv('MYSQL_SSL_CA'));

Source: https://jkudo.medium.com/how-to-connection-from-wordpress-installed-on-azure-app-service-to-azure-database-for-mysql-via-2b2c37c4a7de

Answer 2

This will solve the issue by adding these lines to wp_config.php

define(‘MYSQL_CLIENT_FLAGS’, MYSQLI_CLIENT_SSL);
define(‘MYSQL_SSL_CA’, getenv(‘MYSQL_SSL_CA’));
define(‘MYSQL_CLIENT_FLAGS’, MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );

Answer 3

I found the solution to be much simpler when using an Azure mySQL database server in conjunction with a Wordpress container image. If you're using a VPS this may not apply.

• Download the BaltimoreCyberTrustRoot.crt.pem referenced here: https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl
• Place the file in the root of your Wordpress install
• Add these two variables in wp-config:
• define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL );
• define('MYSQL_SSL_CA_PATH','/');

Answer 4

Here is what I did:

1. Obtain SSL certificate and save the certificate file to the root of my Wordpress project.

2. Add the following into wp-config.php:

   define('DB_SSL', true);
   

3. Add this to the function db_connect() in my wp-includes/wp-db.php. It must be called before mysqli_real_connect():

   // Just add this line
   mysqli_ssl_set($this->dbh, NULL, NULL, ABSPATH . 'BaltimoreCyberTrustRoot.crt.pem', NULL, NULL); 
   
   if ( WP_DEBUG ) {
       mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );
   } else {
       @mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );
   }
   

The solution seems a bit dirty but it works for me.