Thursday, July 9, 2015

Sugarcrm connection to mysql DB with SSL - Amazon RDS with SSL - using ca-cert file

This is based on Sugarcrm CE 6.5, and by default the MysqliManager.php doesnt support ssl connection to mysql db's, even if we set the 'ssl' flag on 'dboptions' of config.php file. To make the DBManager work, we need to update the MysqliManager code.

First, we need to have the ssl flag on and the file path to the ca-cert file, for that we can have these details on config_override.php
$sugar_config['dbconfigoption']['ssl'] = true;
$sugar_config['dbconfigoption']['ca_cert'] = '/home/user/ca-cert-rds.pem';

Then, update the MysqliManger.php file inside include/database folder.

            $link = FALSE;

            $configDbOptions = $this->getOptions();

            if ($configDbOptions['ssl'] === TRUE) {

                $this->database = mysqli_init();

                mysqli_options($this->database, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);


                $link = $this->database->real_connect($dbhost, $configOptions['db_user_name'], $configOptions['db_password'], isset($configOptions['db_name'])?$configOptions['db_name']:'', $dbport, NULL, MYSQLI_CLIENT_SSL);

            } else {

                $this->database = mysqli_connect($dbhost,$configOptions['db_user_name'],$configOptions['db_password'],isset($configOptions['db_name'])?$configOptions['db_name']:'',$dbport);

                $link = TRUE;


            if($link === FALSE) {

                $GLOBALS['log']->fatal("Could not connect to DB server ".$dbhost." as ".$configOptions['db_user_name'].". port " .$dbport . ": " . mysqli_connect_error());

                if($dieOnError) {

                    if(isset($GLOBALS['app_strings']['ERR_NO_DB'])) {


                    } else {

                        sugar_die("Could not connect to the database. Please refer to sugarcrm.log for details.");


                } else {

                    return false;



No comments:

Post a Comment