How to setup MariaDB SSL and secure connections from clients

Originally published at:

I am looking to setup MariaDB SSL (Secure Sockets Layer) and secure connections from MySQL client and PHP application. How do I enable SSL for MariaDB server and client running on Linux or Unix-like system?

Thanks for your nice article.
How does the renewal process of a certificate work? Do I have to restart the mariadb daemon or can the deamon reload the certificates? What will happen with the current connections?
How does mariadb handel certificate revocation? Does ist support crl and ocsp?

Regards pkr


yes, you have to restart the mariadb. The current connection will be lost. So you need to plan in advance with maintenance window.

on step 9, i can read : “Use the tcpdump to verify that no clear text information including passwords are exchanged between the server and client as follows” but as far as know, when loging in with mysql -u user -ppassword, “password” is not sent in clear text even if you you don’t use TLS