SSL in MySQL is different than HTTP SSL, both the server and client(s) have their own pair of key/cert.
When SSL is “REQUIRED” for incoming connections (which is my case), the client needs to provide it’s own cert.
What Google Cloud SQL says in the config:
What MySQL documentation says:
For accounts created with a REQUIRE X509 clause, clients must specify at least --ssl-cert and --ssl-key.
…
or accounts created with a
REQUIRE ISSUERorREQUIRE SUBJECTclause, the encryption requirements are the same as forREQUIRE X509
PS: 6.3.1 Configuring MySQL to Use Encrypted Connections
How can we move forward, a feature request?