To check the current state of the SSL run this:
SHOW GLOBAL VARIABLES LIKE 'have_ssl';
To configure SSL we need to set the following variables in my.ini under
[mysqld]
ssl-ca=
ssl-cert=../ssl/cert.pem
ssl-key=../ssl/cert.key
The private key should be in openSSL format.
The ssl-ca is optional and is only intended for client authentication.
Unlike MySQL in mariaDB there is no way to foce SSL on all users globally with:
require_secure_transport=ON
The alternative is to set it per user like this:
GRANT USAGE ON *.* TO user@% REQUIRE SSL;
to force this specific user to use SSL.
Restart the DB service.
Then run the
SHOW GLOBAL VARIABLES LIKE 'have_ssl';
again to verify that the SSL is turned on.