Using SSL should be quite straight forward, assuming that everything is configured correctly on the server side. The enforcing happens on the server the moment you issue an
ALTER USER your-processwire-user@your-mysql-server REQUIRE SSL
The moment you do that, you'll get a database error when you access your site. To enable PHP to talk over an encrypted MySQL connection, you now need to point it to the MySQL server's CA certificate. Copy that to a location where the web server can read it and add an entry in site/config.php (adapt the path to match your ca cert location):
$config->dbOptions = array(
\PDO::MYSQL_ATTR_SSL_CA => 'C:/temp/mysql-ca.pem'
);
There may be scenarios where the name you use to access the server doesn't match the name in the certificate and you get the error "SQLSTATE[HY000] [2002]". The same error occurs when you use a self-signed certificate in the server (that's the case when you leave things to default after installing MySQL on most distributions). In that case, you need at least one of the following PHP versions:
PHP 7.2, 7.3, 7.4 or 8 all versions
PHP 7.1 >= 7.1.4
PHP 7.0 >= 7.0.18
The reason is that earlier versions of the MySQL PDO module didn't have the flag to disable certificate verification. You need to expand your entry in site/config.php:
$config->dbOptions = array(
\PDO::MYSQL_ATTR_SSL_CA => 'C:/temp/mysql-ca.pem',
\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
);
Most (hopefully all) PW modules should be using the PDO interface by now, but you may stumble upon one that still makes use of the old mysqli wrapper. Those won't work with an SSL connection.