I have an RDS instance running on AWS and I want to know how to connect to that instance over SSL.
From this link, Using SSL with mysql database: AWS sets up our database registered with a certificate and provides the root certificate for download (AWS rds root ca).
Now the go-mysql-driver provides this information in their documentation to set up an SSL connection.
```go
// Trust pool holding the CA certificate used to verify the server.
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile("/path/ca-cert.pem")
if err != nil {
	log.Fatal(err)
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
	log.Fatal("Failed to append PEM.")
}
// Client certificate and key, presented to the server.
clientCert := make([]tls.Certificate, 0, 1)
certs, err := tls.LoadX509KeyPair("/path/client-cert.pem", "/path/client-key.pem")
if err != nil {
	log.Fatal(err)
}
clientCert = append(clientCert, certs)
mysql.RegisterTLSConfig("custom", &tls.Config{
	RootCAs:      rootCertPool,
	Certificates: clientCert,
})
db, err := sql.Open("mysql", "user@tcp(localhost:3306)/test?tls=custom")
```
The example indicates that I need a client certificate and client key.
But Amazon only provides the root certificate. How can I use that with go-mysql-driver to connect to my MySQL instance?
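An added example, not part of the original post or the driver's documentation: a `tls.Config` that carries only the root CA and no client certificate, exercised with an in-memory handshake using the standard library alone. The self-signed test certificate, the hostname `db.example.internal`, and the helper names are constructed for illustration, and it assumes the server does not request a client certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// rootOnlyTLS trusts only caPEM and sets no Certificates: the client verifies
// the server's certificate and hostname but presents no certificate of its own.
func rootOnlyTLS(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no certificate found in CA PEM")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// testCert returns constructed test data: one self-signed cert acting as root CA and server cert.
func testCert(host string) (tls.Certificate, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key},
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// handshake runs an in-memory TLS handshake and returns the client's result.
func handshake(client *tls.Config, srv tls.Certificate) error {
	c, s := net.Pipe()
	defer c.Close()
	c.SetDeadline(time.Now().Add(2 * time.Second)) // net.Pipe is unbuffered; never hang
	go tls.Server(s, &tls.Config{Certificates: []tls.Certificate{srv}}).Handshake()
	return tls.Client(c, client).Handshake()
}

func main() {
	srv, caPEM := testCert("db.example.internal") // placeholder hostname
	cfg, _ := rootOnlyTLS(caPEM, "db.example.internal")
	// With the driver: mysql.RegisterTLSConfig("custom", cfg), then "?tls=custom" in the DSN.
	fmt.Println("handshake error:", handshake(cfg, srv))
}
```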