Setting up SSL Certificate for MySQL
To create the server-side and client-side certificates, log in to the Linux server as root
and run the shell commands below:
- DIR=`pwd`/openssl
- PRIV=$DIR/private
- mkdir $DIR $PRIV $DIR/newcerts
- cp /usr/share/ssl/openssl.cnf $DIR
- replace ./demoCA $DIR -- $DIR/openssl.cnf
- Generate the Certificate Authority (CA)
/usr/local/ssl/bin/openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem -config $DIR/openssl.cnf
Note: If a PEM pass phrase is requested, enter a different PEM pass phrase in each of the steps below.
- Create server request and key
/usr/local/ssl/bin/openssl req -new -keyout $DIR/server-key.pem -out $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf
- Remove the passphrase from the key (optional)
/usr/local/ssl/bin/openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem
- Sign server cert
/usr/local/ssl/bin/openssl ca -policy policy_anything -out $DIR/server-cert.pem -config $DIR/openssl.cnf -infiles $DIR/server-req.pem
- Create client request and key
/usr/local/ssl/bin/openssl req -new -keyout $DIR/client-key.pem -out $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf
- Remove the passphrase from the key (optional)
/usr/local/ssl/bin/openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem
- Sign client cert
/usr/local/ssl/bin/openssl ca -policy policy_anything -out $DIR/client-cert.pem -config $DIR/openssl.cnf -infiles $DIR/client-req.pem
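- Create a my.cnf file for testing the certificates.
Store it either in /etc or in the MySQL data directory
(typically /usr/local/var for a source installation).
my.cnf example content (replace $DIR with the absolute path of the openssl directory created above, because my.cnf does not expand shell variables):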
[client]
ssl-ca=$DIR/cacert.pem
ssl-cert=$DIR/client-cert.pem
ssl-key=$DIR/client-key.pem
[mysqld]
ssl-ca=$DIR/cacert.pem
ssl-cert=$DIR/server-cert.pem
ssl-key=$DIR/server-key.pem
- Start the MySQL daemon:
/usr/local/libexec/mysqld -u mysql &
or
/usr/local/sbin/mysqld -u mysql &
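
A check worth running on the generated files before mysqld is started, as an added example that is not part of the original page: it confirms that each certificate verifies against cacert.pem, that each key belongs to its certificate, and that the keys are not accessible to all users. The function names and the permission check are assumptions of this example; the file names are the ones used above.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check the PEM files
# produced above. File names are the ones this page uses; the directory
# argument is whatever $DIR was when the certificates were created.

# check_role DIR ROLE   where ROLE is "server" or "client"
check_role() {
    dir=$1 role=$2
    ca=$dir/cacert.pem cert=$dir/$role-cert.pem key=$dir/$role-key.pem

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "$role: cannot read $f"; return 1; }
    done

    # 1. The certificate must chain to the CA named in ssl-ca.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$role: $cert does not verify against $ca"; return 1; }

    # 2. ssl-key must be the private key of ssl-cert: compare public keys.
    #    "-passin pass:" stops openssl from prompting when the optional
    #    passphrase-removal step was skipped; such a key is reported here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$role: $key does not match $cert (or is still encrypted)"
        return 1
    fi

    # 3. Added hardening check (an assumption, not a step on this page):
    #    the private key must not be accessible to "other" users.
    case $(ls -ld "$key" | cut -c8-10) in
        ---) ;;
        *) echo "$role: $key is accessible to all users"; return 1 ;;
    esac
    echo "$role: ok"
}

# check_mysql_ssl_dir DIR   checks both key pairs; returns 0 only if all pass
check_mysql_ssl_dir() {
    check_role "$1" server && check_role "$1" client
}

# Usage: sh check-mysql-ssl.sh /path/to/openssl
if [ $# -ge 1 ]; then check_mysql_ssl_dir "$1"; fi
```
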
See also:
Step 3: Setting up Client Certificate for Navicat