diff --git a/roles/zoneminder/tasks/main.yml b/roles/zoneminder/tasks/main.yml
index d230406..3946241 100644
--- a/roles/zoneminder/tasks/main.yml
+++ b/roles/zoneminder/tasks/main.yml
@@ -6,8 +6,11 @@
 
 - name: install packages
   ansible.builtin.package:
-    name: zoneminder-httpd
+    name: "{{ item }}"
     state: installed
+  with_items:
+    - mariadb
+    - zoneminder-httpd
 
 - name: fix selinux contexts from data directory
   community.general.sefcontext:
@@ -106,6 +109,19 @@
     group: "{{ ansible_wheel }}"
   notify: restart apache
 
+# required for database updates to work
+- name: configure mysql client to use ssl
+  ansible.builtin.copy:
+    dest: /root/.my.cnf
+    content: |
+      [client]
+      ssl-ca={{ tls_certs }}/ca.crt
+      ssl-cert={{ tls_certs }}/{{ inventory_hostname }}.crt
+      ssl-key={{ tls_private }}/{{ inventory_hostname }}.key
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+
 - name: enable service
   ansible.builtin.service:
     name: zoneminder