How do I connect to a SQL Server with SSL from PHP?
Edit
I should be more elaborate on this. We have a php-mysql application. We need to save data on a SQL Server also. Initially we were using mssql_connect('server', 'db_user', 'db_pwd')
to connect to the remote SQL server. but now we need to send it over ssl.
We would like to use the existing ssl cert already on server (currently used by site on IIS as ssl cert) to make it so we can connect to SQL Server with secure connection.
What have you tried already ?
mssql_connect() should work out for you.
Since you provided no error I'm guessing: "Warning: mssql_connect(): Unable to connect to: OURSERVER.local in ...." ?
Have you set the mssql.secure_connection ini option to true?
mssql_connect can use secured connection if php is configured ...
go into the php.ini and verify the mssql.secure_connection parameter :
[MSSQL]
mssql.secure_connection = On
Related
I have a little problem with my PhpMyAdmin (i use NGINX & PHP 7.2). I wanted to configure the SSL connection between MySQL (MariaDB 10.2.27) and PhpMyAdmin by adding its information to the config.inc.php file:
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['ssl_key'] = '/etc/mysql/ssl/server-key.pem';
$cfg['Servers'][$i]['ssl_cert'] = '/etc/mysql/ssl/server-cert.pem';
$cfg['Servers'][$i]['ssl_ca'] = '/etc/mysql/ssl/ca-cert.pem';
$cfg['Servers'][$i]['ssl_ca_path'] = '/etc/mysql/ssl';
But now when I want to connect to PhpMyAdmin I get the error:
mysqli_real_connect(): (HY000/2006): MySQL server has gone away
Do you know why I have this error? Thank you in advance for your help.
You might be misunderstanding the ssl options in the pma config.
This does not encrypt traffic between your web browser and phpmyadmin, but rather the connection between phpmyadmin and your mysql server and it has to be set up on your mysql server.
AND you don't set an SSL certificate for phpMyAdmin for HTTPS - it is a web app - not a web server. Nginx stores the certificates and terminates/unwraps the SSL.
The HTTPS session you are using is between your PC and Nginx - it is nothing to do with phpMyAdmin. Your phpMyAdmin vhost is using whatever certificate you defined in Nginx.
HTTPS != SSL insofar as phpMyAdmin's configuration is concerned.
The setting you referred to is specifically for an SSL connection between phpMyAdmin and MySQL - which if is on localhost, isn't all too relevant anyway.
After all this question should goto : https://serverfault.com you are in wrong place.
See more : https://serverfault.com/questions/403006/phpmyadmin-with-ssl-https-and-mysql-client-on-nginx
What I mean to achieve is very simple. I want to connect to an external MS SQL database from a PHP script over a secure connection. This has however proven problematic and, with three hours put in to research so far, I am at a loss.
The platform for the client is Ubuntu, which means I can not use SQLSRV.
The secure connection has been tested with different clients and it works fine.
I am currently using PDO and DBlib to connect to the database, which also works fine.
I was not able to find any method to force a secure connection. I have tried multiple other drivers, to no avail.
What are my options?
Edit: I am left with the following FreeTDS logs...
config.c:543: Got a match.
config.c:565: host = 'XXXXXXXXXX'
config.c:595: Found host entry XXXXXXXXXX.
config.c:599: IP addr is XXXXXXXXXX.
config.c:565: port = '1433'
config.c:565: encryption = 'require'
config.c:565: check certificate hostname = 'no'
config.c:629: UNRECOGNIZED option 'check certificate hostname' ... ignoring.
config.c:565: ca file = 'XXXXXXXXXX.pem'
config.c:629: UNRECOGNIZED option 'ca file' ... ignoring.
If you want to use PDO, you could set up PDO ODBC. You will need to setup the configuration files /etc/odbc.ini, /etc/odbcinst.ini and /etc/freetds/freetds.conf.
You'll also have to install unixodbc and freetds: apt-get install unixodbc tdsodbc.
You can see more info here: Connect PHP to MSSQL via PDO ODBC
EDIT: To enforce SSL in ODBC, add the Encrypt keyword and set it to true in your connection string. And setup your SQL Server to use SSL: https://support.microsoft.com/en-us/kb/316898
EDIT 2: According to the OP, adding encryption=require and check certificate hostname to freetds.config as per the following specification: http://www.freetds.org/userguide/freetdsconf.htm along with the above steps will fix the problem
Have you configured mssql_connect to use a secure connection? Look in your php.ini and verify the mssql.secure_connection parameter is set to on
[MSSQL]
mssql.secure_connection = On
I am using WampServer (Windows) and PHP pgsql, and apparently something wasn't compiled with SSL support, because I get this error:
Unable to connect to PostgreSQL server: sslmode value "require" invalid when SSL support is not compiled
This got me thinking... I wonder if I can ask pg_connect() to look for 127.0.0.1 on port 12345 (or something like that) using HTTP, and then some middle service could be run on my local system that would pass that on to the server using SSL.
Does anyone know how to do that?
NOTE
I'm trying to connect to the Heroku PostgreSQL server (which uses an Amazon Web Service URL) and requires an SSL connection. I had better luck Googling "amazonws.com postgresql stunnel" for relevant bulletin board messages.
UPDATE
Here is the stunnel.conf file that I used:
;See: https://medium.com/what-i-learned-building/580fdd492119
cert = stunnel.pem
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
socket = r:TCP_NODELAY=1
options = NO_SSLv3
ciphers = HIGH:!ADH:!AECDH:!LOW:!EXP:!MD5:!3DES:!SRP:!PSK:#STRENGTH
[heroku-postgres]
client=yes
accept = 127.0.0.1:YOUR-CHOSEN-PORT
connect = THE-HOST-GOES-HERE:PORT
protocol=pgsql
retry = yes
Reference: https://medium.com/what-i-learned-building/580fdd492119
postgresql does neither use http nor https for its connection, but has its own protocol. But you could use something like stunnel to tunnel a normal tcp connection inside ssl, e.g. if your local pg_client library is not ssl-aware you could create an stunnel on localhost which then forwards the data via ssl to the remote postgresql server.
I'm trying to connect to an external Sql Server through PHP 5.2.
Using this line:
$con = mssql_connect('123.123.123.123','Username','Password') or die('Could not connect to the server!');
I'm receiving this error:
Warning: mssql_connect() [function.mssql-connect]: Unable to connect
to server: 123.123.123.123 in
/home/file/public_html/structure/index.php on line 4 Could not connect
to the server!
My hosting provider assures me that ports are open for my server to connect to the DB. Looking at my php info, MSSQL Support is enabled, using FreeTDS.
Any ideas why this would be failing, or how I can begin trouble shooting the problem?
i know that there is some security for remote connection to MSSQL.
i had a same issue.
you need to give connection permition for requested ip.
did you try to connect with your personal compter with a MS SQL program.
if you can so you have problem with your cilent (php host)
if you can not so you have problem with mssql server
I've had to move an app we wrote for a client to a new server and a remote connection I was initiating with PHP mssql_connect has ceased to work. I noticed that PHP wasn't compiled with mssql so I asked the server admin to install it. I can verify that it's now installed via PHP info but I now get a consistent "Unable to connect to server" error from mssql_connect.
Here's the very simple PHP script I'm running:
$myServer = "myserver.com:5000";
$myUser = "myusername";
$myPass = "mypassword";
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer. Error: " . mssql_get_last_message());
I've confirmed that the credentials are still correct but for whatever reason it seems that mssql_connect just isn't doing it's thing. I'm wondering if there's something that the admin has forgotton to do having installed the extension and FreeTDS. Any pointers greatly appreciated! :)
PROBLEM SOLVED!!!
After all that it turned out to be the FreeTDS protocol version number as specified in /usr/local/freetds/etc/freetds.conf, line number 13 had to be uncommented. That was it! :)
After all that it turned out to be the FreeTDS protocol version number as specified in /usr/local/freetds/etc/freetds.conf, line number 13 had to be uncommented. That was it! :)
There's a good chance that remote connections are disabled on the server where the server is installed. Have you checked whether you are actually able to connect to the DB server remotely, from the IP address of the webserver that attempts to connect to it? Usually, at least in most shared hosting schemes, the database server only accepts connections from localhost. You'd need to add the IP address of the webserver to a whitelist (usually in the server's configuration) to allow connections from the outside.