Custom Certificate Support for MySQL

Hyperdrive has extended its TLS/SSL certificate capabilities to MySQL databases, bringing feature parity with PostgreSQL. This update allows developers to secure their MySQL connections with certificate-based authentication and verification.

New Capabilities

You can now configure two key security options for MySQL connections:

• Server certificate verification: Choose between VERIFY_CA or VERIFY_IDENTITY SSL modes to verify that your MySQL database server's certificate is signed by a trusted certificate authority. This prevents man-in-the-middle attacks by validating the server's identity.

• Mutual TLS (mTLS): Configure client certificates to enable Hyperdrive to authenticate itself to your MySQL database using credentials beyond standard username and password authentication, providing an additional layer of security.

Getting Started

To use custom certificates with Hyperdrive and MySQL:

1. Upload your CA certificate using npx wrangler cert upload certificate-authority --ca-cert your-ca-cert.pem --name your-custom-ca-name
2. Create a Hyperdrive configuration with the certificate ID and desired SSL mode (e.g., VERIFY_IDENTITY)
3. Reference the Hyperdrive configuration in your application

Developers should refer to the SSL/TLS certificates documentation and MySQL TLS/SSL modes guide for complete configuration details and best practices.