-- Generating SSL keys and certificates for MySQL
1. Check whether SSL is enabled
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
| ssl_ca        |          |
| ssl_capath    |          |
| ssl_cert      |          |
| ssl_cipher    |          |
| ssl_crl       |          |
| ssl_crlpath   |          |
| ssl_key       |          |
+---------------+----------+
9 rows in set (0.00 sec)
2. SSL is not enabled, so enable it
Set the ssl parameter at the end of my.cnf and restart the MySQL service.
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
| ssl_ca        |       |
| ssl_capath    |       |
| ssl_cert      |       |
| ssl_cipher    |       |
| ssl_crl       |       |
| ssl_crlpath   |       |
| ssl_key       |       |
+---------------+-------+
9 rows in set (0.00 sec)
3. On the MySQL db server, use openssl to generate the CA certificate, the server key and the server certificate request.
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/
3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: ch
State or Province Name (full name) []: shh
Locality Name (eg, city) [Default City]: shh
Organization Name (eg, company) [Default Company Ltd]: xx
Organizational Unit Name (eg, section) []: db
Common Name (eg, your name or your server's hostname) []: mysql.yest.nos
Email Address []: xx@xx.com
3.3 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
...............................................................................................++
..........................................................++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: ch
State or Province Name (full name) []: shh
Locality Name (eg, city) [Default City]: ssh
Organization Name (eg, company) [Default Company Ltd]: xx
Organizational Unit Name (eg, section) []: db
Common Name (eg, your name or your server's hostname) []: mysql.yest.nos
Email Address []: xx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 820923
An optional company name []: xx
4. Generate the client SSL files on the MySQL db server
4.1 openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
[root@mysql newcerts]# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
4.2 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
...++
........................................................++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: ch
State or Province Name (full name) []: shh
Locality Name (eg, city) [Default City]: shh
Organization Name (eg, company) [Default Company Ltd]: xx
Organizational Unit Name (eg, section) []: db
Common Name (eg, your name or your server's hostname) []: mysql.yest.nos
Email Address []: cx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 820923
An optional company name []: xx
4.3 openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
[root@mysql newcerts]# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
5. Copy the three client.* files to /opt/mysql/ssl on the client machine.
6. Login verification
mysql -uxxx -pxxxx --ssl-ca=/opt/mysql/ssl/ca-cert.pem --ssl-cert=/opt/mysql/ssl/client-cert.pem --ssl-key=/opt/mysql/ssl/client-key.pem
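Steps 3 and 4 as a non-interactive script, followed by a chain check with openssl verify; this is an added example, not part of the original note. Unlike the transcript it gives the CA, server and client certificates different Common Names (MySQL's documentation states the server and client CN must differ from the CA's CN on OpenSSL builds) and different serials. The function names and the example.test names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: steps 3 and 4 without the interactive prompts.
# Function names and the example.test names are assumptions, not from the page.
set -eu

build_mysql_pki() {                      # $1 = output directory
    mkdir -p "$1"
    (
        cd "$1"
        # CA key and self-signed CA certificate (steps 3.1 and 3.2)
        openssl genrsa -out ca-key.pem 2048 2>/dev/null
        openssl req -new -x509 -nodes -days 1000 -key ca-key.pem \
            -subj "/CN=Example MySQL CA" -out ca-cert.pem
        serial=1
        for role in server client; do
            serial=$((serial + 1))       # unique serial per issued certificate
            # key + signing request (steps 3.3 and 4.2); CN differs from the CA's
            openssl req -newkey rsa:2048 -nodes -keyout "$role-key.pem" \
                -subj "/CN=mysql-$role.example.test" -out "$role-req.pem" 2>/dev/null
            # sign the request with the CA (steps 4.1 and 4.3)
            openssl x509 -req -in "$role-req.pem" -days 1000 -CA ca-cert.pem \
                -CAkey ca-key.pem -set_serial "$serial" -out "$role-cert.pem" 2>/dev/null
        done
        chmod 600 ca-key.pem server-key.pem client-key.pem   # keys: owner only
    )
}

# Succeeds only if both issued certificates chain to the CA certificate.
verify_mysql_pki() {
    openssl verify -CAfile "$1/ca-cert.pem" \
        "$1/server-cert.pem" "$1/client-cert.pem" >/dev/null
}

# Print the subject Common Name / the serial number of a certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}
cert_serial() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

# Stand-alone use: ./script.sh /etc/mysql/newcerts
if [ $# -gt 0 ]; then
    build_mysql_pki "$1"
    verify_mysql_pki "$1" && echo "server and client certificates verify against the CA"
fi
```

To make the server present these files, set the ssl-ca, ssl-cert and ssl-key options in the [mysqld] section of my.cnf to ca-cert.pem, server-cert.pem and server-key.pem, then restart MySQL.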
Reference: http://www.docin.com/p-151590189.html