Enable Encrypted MySQL

We added support for encrypted MySQL connections in WHMCS 8.8.

To use WHMCS with an encrypted MySQL® connection, you will need to perform additional steps that add the necessary settings to the configuration.php file. The settings that you choose to add will depend on your server’s configuration.

Before Installation (CLI)

To enable encrypted MySQL connections before proceeding with the CLI-based installation method:

  1. Open the configuration.php file in your preferred text editor.
  2. Add the necessary configuration settings to the file, replacing the example values below with your server’s information:
    $db_tls_ca='/path/to/ca/file';
    $db_tls_ca_path='/path/to/ca/directory';
    $db_tls_cert='/path/to/client/cert';
    $db_tls_cipher='AES256-SHA';
    $db_tls_key='/path/to/client/key';
    $db_tls_verify_cert='0';
    
  3. Proceed with installation via the command line.

During Installation (CLI)

To enable encrypted MySQL connections during the CLI-based installation method, use the -c or --config options while running the command-line installation script.

Include the following lines in your JSON input, replacing the example values below with your server’s information:

"db_tls_ca":"'/path/to/ca/file'",
"db_tls_ca_path":"'/path/to/ca/directory'",
"db_tls_cert":"'/path/to/client/cert'",
"db_tls_cipher":"'AES256-SHA'",
"db_tls_key":"'/path/to/client/key'",
"db_tls_verify_cert":"'0'",

After Installation (CLI or Browser)

You cannot configure this before or during the installation process using the browser-based installation method. Because of this, you cannot use the browser-based method if your server requires encrypted connections.

To enable encrypted MySQL connections after you have completed installation:

  1. Open the configuration.php file in your preferred text editor.
  2. Add the following configuration settings to the file, replacing the example values below with your server’s information:
    $db_tls_ca='/path/to/ca/file';
    $db_tls_ca_path='/path/to/ca/directory';
    $db_tls_cert='/path/to/client/cert';
    $db_tls_cipher='AES256-SHA';
    $db_tls_key='/path/to/client/key';
    $db_tls_verify_cert='0';
    

Last modified: June 5, 2024