By default, all communication between a MySQL or MariaDB server and its clients is unencrypted. That’s fine if both the database server and client are on the same machine, or connected by a network you fully control, but as soon as anything touches the internet — or even an internal data center network the NSA may have secretly tapped into — all bets are off, and you need SSL to ensure that the communication cannot be spied on or tampered with. This post will guide you through the entire process in an abundance of detail.