Thanks for your question.
Please refer below document for complete information and “Understanding the changes in the Root CA change for Azure Database for MySQL single server”
FAQ snippet from the doc –
I don't specify any CA cert while connecting to my single server instance over SSL, do I still need to perform the steps mentioned above?
If you have both the CA root cert in your trusted root store, then no further actions are required. This also applies to your client drivers that use local store for accessing root CA certificate.
How do I know if I'm using SSL/TLS with root certificate verification?
You can identify whether your connections verify the root certificate by reviewing your connection string.
· If your connection string includes sslmode=verify-ca or sslmode=verify-identity, you need to update the certificate.
· If your connection string includes sslmode=disable, sslmode=allow, sslmode=prefer, or sslmode=require, you don't need to update certificates.
· If your connection string doesn't specify sslmode, you don't need to update certificates.
If you're using a client that abstracts the connection string away, review the client's documentation to understand whether it verifies certificates.
Please let us know in case if you are looking for any additional information.