distal-attribute
distal-attribute
distal-attribute
distal-attribute

How do I know that SSL connection works?

User, date Message
Written by MrMr
4 years ago
Category: General
11 posts since Mon, 07 Feb 11
Hello Guys,
How do I know that SSL connection works? I could not see it in the status window.
What I did was that I went to FireFox Tools->Options->Advanced->show certificats. Selected the servers tab and exported the certificate for my webhosting company as PEM file.

In heidiSQL session manger I selected the SSL tab and added the certificate under the last field SSL certificate.
I described this process because I couldn't find it myself, so maybe it will be usefull for others.

Now I got the connection, but how do I know that I got the SSL connection. I coudn't verify this in any way?

Anyone uses SSL with heidiSQL and can explain this to me?

Also advaice to all users. If you can't use SSH or SSL don't connect through external tools like this via TCP/IP. It's a free lunch for hackers. They even don't have to hack your webpage to download your whole databas.
All the best and thanks for a great tool
Written by ansgar
4 years ago
5045 posts since Fri, 07 Apr 06
Examine the "ssl_*" values in Host > Status?
Written by MrMr
4 years ago
11 posts since Mon, 07 Feb 11
It's not there for my webhosting company connection. I see in the variables
have_SSL: no
have_openssl: no
but for the local connection the variables are there.

What I noticed is that if I add other file then the *.pem I will get error from host when connecting. Only with the correct file I can connect to the host. But this is no warranty that the SSL connection is there. I will also send a mail to my webhosting company.

If it's not to difficault to have some kind of status on SSL connection and a worning if pepole don't connect via secure connection in open networks would be of grate value for security reason.

All the Best
Written by ansgar
4 years ago
5045 posts since Fri, 07 Apr 06
What I can tell quickly is that HeidiSQL only processes SSL options if the private key and both certificates are not empty:

if (FParameters.SSLPrivateKey <> '') and
(FParameters.SSLCertificate <> '') and
(FParameters.SSLCACertificate <> '') then begin
... [init SSL connection]



You are absolutely right - it is not transparent to the user when exactly SSL gets used. I should
- add some SSL info to the balloon hint which pops up when hovering over the server version in the status bar
- change the status bar icon, add some lock icon
Written by MrMr
4 years ago
11 posts since Mon, 07 Feb 11
In that case a worning that no SSL will be initated on connect if any of the other places are empty would be a grate contribution.
Any Idee how to get the other keys. I think that I could export the CA cert from firefox (*.crt) but the private?
Written by ansgar
4 years ago
5045 posts since Fri, 07 Apr 06
r3686 displays successful SSL in status bar and log panel. I will additionally raise a warning if one of the SSL fields is filled without having the required three ones.
Written by ansgar
4 years ago
5045 posts since Fri, 07 Apr 06
r3689 raises an error when trying to connect with an incomplete set of SSL parameters.
Written by MaxB
3 years ago
4 posts since Thu, 07 Apr 11
We have also a MySQL Server hosted by an external provider. The connection with SSL works fine with the official MySQL command line tools and with the official MySQL Workbench too. The parameter we used are the following:

host
username
password
port 3306
TCP/IP

SSL private key (empty)
SSL CA (path to pem certificate)
SSL certificate (empty)

With Heidi current release (r3603) we got this error:
"SQL Error (1045): Access denied for user 'ssluser'@'client-hostname' (using password: YES)"

With Heidi nightly build (r3754) we got a error:
"SQL Error (2026): SSL connection error"

What can we do?
PS: fmo Heidi is better than other tools, but I can't use it with SSL... unhappy
Written by MaxB
3 years ago
4 posts since Thu, 07 Apr 11
It works now, see my feedback.
 

Please login to leave a reply, or register at first.