
Feature Request: Add TLS Support for database connectivity

Open • mdhirt opened this issue 8 months ago • 1 comment

I am using AWS RDS Proxy for my MISP Database.

RDS Proxy only accepts TLS connections.

I have manually worked out the changes required to have the container support TLS database connections with a 2-line change to database.php as follows:

'ssl_ca' => '/var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem',
'ssl' => true,

With the additional step of mounting your CA trust chain certificate to the above location in your container config.

I have also partially updated the entrypoint scripts to support a new env var MYSQL_TLS=true which is subsequently used to append the above settings to the database.php file.

This issue is being raised so I can contribute the changes required to support TLS connections to MYSQL databases. I may seek assistance getting the entrypoint scripts working correctly.

mdhirt, Apr 23 '25 06:04

Sure, go ahead.

I would take the CA from what ca-certificates installs, however.

ostefano, Apr 24 '25 11:04
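
The entrypoint step discussed in this thread, sketched as an added example that is not part of the issue or of misp-docker's code: a helper that inserts the two settings from the issue into database.php only when `MYSQL_TLS=true`, refuses to do so without a usable CA file, and is safe to re-run on container restart. The function names, the sample config layout and the host name are assumptions; the CA path is a parameter, so either the mounted chain from the issue or the system bundle (on Debian-based images, `/etc/ssl/certs/ca-certificates.crt`) can be passed.

```shell
# Added example: hypothetical entrypoint helper, not misp-docker's own code.
# MYSQL_TLS is the variable proposed in the issue; function names and the
# sample config layout are assumptions.

# enable_db_tls CONFIG_FILE CA_FILE
enable_db_tls() {
    edt_cfg=$1 edt_ca=$2
    # Switch off: leave the file untouched.
    [ "${MYSQL_TLS:-false}" = "true" ] || return 0
    [ -w "$edt_cfg" ] || { echo "config not writable: $edt_cfg" >&2; return 1; }
    # Fail closed: without a non-empty CA bundle the config is not changed.
    [ -s "$edt_ca" ] || { echo "CA bundle missing or empty: $edt_ca" >&2; return 1; }
    # The path lands inside a PHP single-quoted string: reject ' and \.
    case $edt_ca in *"'"*|*\\*) echo "unsafe CA path" >&2; return 1 ;; esac
    # Idempotent: a container restart must not add the keys a second time.
    if grep -q "'ssl_ca'" "$edt_cfg"; then return 0; fi
    edt_tmp=$(mktemp) || return 1
    if awk -v ca="$edt_ca" -v q="'" '
        { print }
        !done && /datasource.[ \t]*=>/ {
            printf "\t\t%sssl_ca%s => %s%s%s,\n", q, q, q, ca, q
            printf "\t\t%sssl%s => true,\n", q, q
            done = 1
        }
        END { exit (done ? 0 : 1) }' "$edt_cfg" > "$edt_tmp"
    then
        cat "$edt_tmp" > "$edt_cfg"   # overwrite in place: owner and mode are kept
        edt_rc=0
    else
        echo "no 'datasource' entry in $edt_cfg" >&2
        edt_rc=1
    fi
    rm -f "$edt_tmp"
    return "$edt_rc"
}

# Writes a constructed sample database.php for trying the helper offline.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
class DATABASE_CONFIG {
    public $default = array(
        'datasource' => 'Database/Mysql',
        'host' => 'db.example.internal',
        'login' => 'misp',
    );
}
EOF
}
```
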