We got the response from our Team:
It seems the Maxscale documentation which you referred too is a bit confusing and ambiguous so we further investigated and tested it on our side. For your reference, a good documentation to refer to for this scenario would be https://github.com/mariadb-corporation/MaxScale/blob/2.5/Documentation/Getting-Started/Configuration-Guide.md#tlsssl-encryption. I am copying the important section below
To enable TLS/SSL for a server, you must set the ssl parameter to true. If the backend database server has certificate verification enabled, the ssl_cert and ssl_key parameters must also be defined. Custom CA certificates can be defined with the ssl_ca_cert parameter.
For connecting to Azure Database for MariaDB only ssl=true needs to be enabled and only ssl_ca_cert needs to be specified point to the path to our CA certificate file ssl_ca_cert=/path/to/BaltimoreCyberTrustRoot.crt.pem. However we have tested Maxscale on our side and some components of Maxscale may not work with Azure Database for MariaDB service as the username in Azure DB for MariaDB service is in the format username@servername. You can refer to this blog for why username@servername format is required.
Following is our recommendation
- Use ProxySQL if the intent is to use Maxscale for connection pooling and read/write split. You can refer to our blogs below for reference
o https://techcommunity.microsoft.com/t5/azure-database-for-mysql/load-balance-read-replicas-using-proxysql-in-azure-database-for/ba-p/880042
o Connecting efficiently to Azure Database for MySQL with ProxySQL - Microsoft Tech Community - If you have to use Maxscale
o Use the latest version of MaxScale and config it with the official documentation on GitHub: https://github.com/mariadb-corporation/MaxScale/blob/2.5/Documentation/Tutorials/MaxScale-Tutorial.md
o Create separate user accounts for different components (monitors, services, etc) of MaxScale so it is easy to know which part works and which part doesn’t by a “show processlist” command on the server.
Please go through the same and let us know if you have any further question.
Regards
Navtej S