MySQL SSL connection
来源:互联网 发布:景区门票网络销售 编辑:程序博客网 时间:2024/06/06 01:33
http://dev.mysql.com/doc/refman/5.0/en/secure-using-ssl.html
http://stackoverflow.com/questions/5384338/sysbench-with-ssl
http://www.cnblogs.com/huqingyu/archive/2009/03/22/1418936.html
建立 CA 憑證:
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem -passin pass:123456 -passout pass:123456 -subj /C=CN/O=INFOSEC/CN=nicky > ca-cert.pem
建立 MySQL Server 憑證
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem -passin pass:123456 -passout pass:123456 -subj /C=CN/O=INFOSEC/CN=nicky > server-req.pem
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
建立 MySQL Client 憑證
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem -passin pass:123456 -passout pass:123456 -subj /C=CN/O=INFOSEC/CN=nicky > client-req.pem
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
修改 MySQL 設定檔 my.cnf,加上:
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
重新啟動 MySQL,再檢查一次是否已經打開 SSL 功能:
have_ssl = YES,MySQL 的設定就告一段落了。用 MySQL Client 測試一下:
shell> mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -u root -p
測試無誤後,
按照上面的步骤配置的时候,遇到了一些问题:
1. 由于习惯问题,刚开始的时候把这些文件都放在/root目录下面,而mysql是用mysql帐号启动的。导致instance启动失败了。。。。
最后确认是权限原因。。
2. 连接是直接用了默认安装的mysql的client binary。。。。mysql client binary也需要打开ssl的选项。。。。。
- MySQL SSL connection
- 关于MySql的SSL-Connection
- Mysql Workbench connection ssl not enable问题解决
- Mysql报警告:WARN: Establishing SSL connection
- MySQL: Unable to establish SSL connection.
- ssl connection
- Java连接Mysql数据库警告:Establishing SSL connection
- Warning about SSL connection when connecting to MySQL database
- Mininet with SSL connection
- WARN: Establishing SSL connection
- Java连接Mysql数据库警告:Establishing SSL connection without server's identity verification is not recommend
- MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.
- MySQL 警告WARN: Establishing SSL connection without server's identity verification is not recommended.
- 连接mysql出现警告:Establishing SSL connection without server's identity verification is not recommended
- Mysql警告Establishing SSL connection without server's identity verification is not recommended
- MySQL警告:Establishing SSL connection without server's identity verification is not recommended. Accor
- Java连接Mysql数据库警告:Establishing SSL connection without server's identity verification is not recommend
- [Mysql] 数据库连接:Establishing SSL connection without server's identity verification is not recommended.
- c++设计模式(11)-Visitor模式
- SQL语句性能调整原则
- TCP为什么要三次握手,不是两次四次
- 带缓存的函数 示例
- 我的命名规范
- MySQL SSL connection
- EditText详解
- Java处理文件路径的类
- ASEERT
- 股市和赌场
- Object C 入门(转)
- 五一照相
- c++设计模式(12)-Observer模式
- mysql 绿色安装