Home > Database > Mysql Tutorial > How to configure the paths of ssl_key, ssl-cert and ssl-ca in mysql and examples of establishing ssl connections

How to configure the paths of ssl_key, ssl-cert and ssl-ca in mysql and examples of establishing ssl connections

黄舟
Release: 2017-09-08 11:57:19
Original
2271 people have browsed it

1. Create CA private key and CA certificate

(1) Download and install openssl, configure the bin directory to environment variables;

(2) Set the openssl.cfg path (if If not set, an error will be reported and the openssl configuration file cannot be found)


set OPENSSL_CONF=G:\Program Files\openssl\openssl-1.0.2d-fips-2.0.10\bin\openssl.cnf
Copy after login

(3) Generate a CA private key (extra file: ca-key.pem)


openssl genrsa 2048 > ca-key.pem
Copy after login

(4) Generate a digital certificate through the CA private key (when executing this command, you will need to fill in some questions, just fill them in casually, such as: CN , KunMing, KunMing, KunMing, kmddkj, kmddkj, kmddkj, 786479786@qq.com; two extra files: ca-cert.pem)


openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
Copy after login

2. Create the server-side RSA private key and digital certificate

(1) Create the server-side private key and a certificate request file (you need to answer a few questions, just fill them in casually. But you need to pay attention to Yes, A challenge password and An optional company name need to be empty; additional files: server-key.pem server-req.pem)


openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem
Copy after login

(2 ) Convert the generated private key to the RSA private key file format


openssl rsa -in server-key.pem -out server-key.pem
Copy after login

(3) Use the originally generated CA certificate to generate a server-side digital certificate (extra files: server-cert.pem)


openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Copy after login

3. Create the client’s RSA private key and digital certificate

(1) for the client The client generates a private key and certificate request file (extra files: client-key.pem client-req.pem)


openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem
Copy after login

(2) Convert the generated private key For the RSA private key file format


openssl rsa -in client-key.pem -out client-key.pem
Copy after login

(3) Create a digital certificate for the client (extra file: client-cert.pem)


openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
Copy after login

SSL configuration and generated file description:In the previous steps, we have generated 8 files, namely:

ca-cert.pem: CA certificate, used to generate server/client digital certificates.

ca-key.pem: CA private key, used to generate server/client digital certificates.

server-key.pem: Server-side RSA private key

server-req.pem: Server-side certificate request file, used to generate server-side digital certificates.

server-cert .pem: Server-side digital certificate.

client-key.pem: Client's RSA private key

client-req.pem: Client's certificate request file, used to generate the client's digital certificate .

client-cert.pem: Client’s digital certificate.

4. Server-side configuration

The server-side needs to use three files, They are: CA certificate, server-side RSA private key, server-side digital certificate, we need to add the following content under the [mysqld] configuration domain:


  #[mysqld]下加入如下代码:

  ssl-ca=G:/ProgramData/MySQL/MySQL Server 5.6/mykey/ca-cert.pem

  ssl-cert=G:/ProgramData/MySQL/MySQL Server 5.6/mykey/server-cert.pem

  ssl-key=G:/ProgramData/MySQL/MySQL Server 5.6/mykey/server-key.pem
Copy after login

5. After the configuration is complete, we need to restart the MySQL service to make the configuration take effect.

6. After the configuration is complete, use root to log in to MySQL and execute show variables like '%ssl%'; the test is successful.


show variables like '%ssl%';
Copy after login

The above is the detailed content of How to configure the paths of ssl_key, ssl-cert and ssl-ca in mysql and examples of establishing ssl connections. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template