MySQL and MariaDB allow easy generation of server self-signed SSL certificates using the auto_generate_certificates = ON option file entry. These are easy to use for remote connections due to not requiring an internal CA, yearly certificate purchases or writing a bash script to restart the DB server as would be required with LetsEncrypt. For internal use on a LAN this may provide “good enough” security and is a step up from sending passwords in the clear. The server can force SSL use by using the option file entry require_secure_transport = ON
All that is needed to use these from the mysql client is to add the flag --ssl.
They are also used by ODBC connections by checking the option for “SSL”.
However in Redash trying to simply enable the “SSL” checkbox without adding any certificate files does not work.
An error is generated:
(3159, ‘Connections using insecure transport are prohibited while --require_secure_transport=ON.’)
As far as I can tell this is currently by design in Redash.
Therefore my feature request is to allow SSL use with self-signed certificates by having a checkbox for “do not verify certificates” in the connection setup.
Then the connection can be made by using the code snippet from this StackOverflow post: “https://stackoverflow.com/a/55617654/1331768”
