MySQL SSL Configuration

Create a CA certificate:
OpenSSL genrsa 2048> ca-key.pem
OpenSSL req-New-X509-nodes-days 1000-key ca-key.pem-passin pass: 123456-passout pass: 123456-subj/C = Cn/o = Infosec/CN = Nicky> ca-cert.pem

Create a MySQL server license
OpenSSL req-newkey RSA: 2048-days 1000-nodes-keyout server-key.pem-passin pass: 123456-passout pass: 123456-subj/C = Cn/o = Infosec/CN = Nicky> server-req.pem
OpenSSL X509-req-In server-req.pem-days 1000-Ca ca-cert.pem-Cakey ca-key.pem-set_serial 01> server-cert.pem

Create a mysql client license
OpenSSL req-newkey RSA: 2048-days 1000-nodes-keyout client-key.pem-passin pass: 123456-passout pass: 123456-subj/C = Cn/o = Infosec/CN = Nicky> client-req.pem
OpenSSL X509-req-In client-req.pem-days 1000-Ca ca-cert.pem-Cakey ca-key.pem-set_serial 01> client-cert.pem

Modify MySQL settings my. CNF, and add:

SSL-CA =/etc/MySQL/ca-cert.pem
SSL-certifict =/etc/MySQL/server-cert.pem
SSL-Key =/etc/MySQL/server-key.pem
Restart MySQL and check whether the SSL function is enabled again:

Have_ssl = Yes, the MySQL settings will come to an end. Use the mysql client to perform the following operations:

Shell> MySQL -- SSL-CA = ca-cert.pem -- SSL-Cert = client-cert.pem -- SSL-Key = client-key.pem-u root-P
When the program fails, you need to compile a Java program and use SSL to parse MySQL. Before writing a program, you must use Java's keytool to create truststore and keystore:

Create a truststore:

Shell> keytool-import-alias mysqlservercacert-file ca-cert.pem-keystore truststore

Create a keystore:
The mysql client certificate created before login must first be written into the DER format:

Shell & gt; OpenSSL X509-outform der-In client-cert.pem-out client. Cert

Production keystore:

Shell> keytool-import-file client. cert-keystore-alias mysqlclientcertificate

Place the established truststore and keystore in a safe place, followed by the Java code:

Import java. SQL. connection;
Import java. SQL. drivermanager;
Import java. SQL. resultset;
Import java. SQL. statement;

Public class mysql_ssl_test {

Static private string db_user = "username ";
Static private string db_password = "password ";

Public static void main (string [] ARGs ){
Try {
Class. forname ("com. MySQL. JDBC. Driver"). newinstance ();
System. setproperty ("javax.net. SSL. keystore", "/your_path/keystore ");
System. setproperty ("javax.net. SSL. keystorepassword", "password ");
System. setproperty ("javax.net. SSL. truststore", "/your_path/truststore ");
System. setproperty ("javax.net. SSL. truststorepassword", "password ");
Connection con = drivermanager. getconnection ("JDBC: mysql: // your_host: 3306/database? User = "+ db_user +" & Password = "+ db_password +" & useunicode = true & characterencoding = utf8 & usessl = true ");
String query = "select * from table ";
Statement STM = con. createstatement ();
Resultset res = cmd.exe cutequery (query );
While (res. Next ()){
System. Out. println (res. getstring (1 ));
}
Res. Close ();
STM. Close ();
Con. Close ();
} Catch (exception e ){
System. Out. println ("caught exception:" + E. tostring ());
}
}
}

If you can leverage the query data, you will be done!

More than one anti-DDOS service is more secure, but it is just like the anti-virus service. Even if it is often updated, it cannot guarantee 100% of the Security. Pay more attention to everything, there are really no important resources, or do not place them on the Internet, which is more secure than others!