1. install OpenSSL: Download opensslversion0.9.6(www.openssl.orgw.shellzcat0.96l.tar.gz | install tarxvf mysql
1. install OpenSSL:
Download OpenSSL Version 0.9.6 (www.openssl.org)
Shell> zcat 0.96l.tar.gz | tar xvf-
Shell>./config
Shell> make
Shell> make install
2. install MySQL:
Download MySQL Version 4.0.14 Source (mysql-4.0.14.tar.gz)
Shell> groupadd mysql
Shell> useradd-g mysql
Shell> gunzip | mysql-VERSION.tar.gz | tar-xvf-
Shell> cd mysql-VERSION
Shell>./configure -- prefix =/usr/local/mysql -- with-openssl -- with-vio
Shell> make
Shell> make install
Shells> cp support-files/my-medium.cnf/etc/my. cnf
Shell> cd/usr/local/mysql
Shell> bin/mysql_install_db -- user = mysql
Shell> chown-R root.
Shell> chown-R mysql var
Shell> chgrp-R mysql.
Shell> bin/mysqld_safe -- user = mysql &
3. modify the mysql password and access permissions(As needed. May cause security issues)
Shell> cd/usr/local/mysql/bin/
Shell>./mysql-u root-p
Mysql> insert into mysql. user VALUES ('%', 'root', PASSWORD ('1qw23e '), 'y ', 'Y', 'y ', 'Y', 'y ', 'Y', '', 0, 0, 0 );
4. generate an SSL certificate
DIR = 'pwd'/openssl
PRIV = $ DIR/private
Mkdir $ DIR $ PRIV $ DIR/newcerts
Cp/usr/share/ssl/openssl. cnf $ DIR
Replace./demoCA $ DIR -- $ DIR/openssl. cnf
# Create necessary files: $ database, $ serial and $ new_certs_dir
# Directory (optional)
Touch $ DIR/index.txt
Echo "01"> $ DIR/serial
# Generation of Certificate Authority (CA)
Openssl req-new-x509-keyout $ PRIV/cakey. pem-out $ DIR/cacert. pem \
-Config $ DIR/openssl. cnf
Note: if you were requested to enter "PEM pass", please enter different "PEM pass" in the following steps.
# Create server request and key
Openssl req-new-keyout $ dir/ server-key.pem-out \
$ DIR/server-req.pem-days 3600-config $ DIR/openssl. cnf
# Remove the passphrase from the key (optional)
Openssl rsa-in $ DIR/server-key.pem-out $ DIR/server-key.pem
# Sign server cert
Openssl ca-policy policy_anything-out $ DIR/server-cert.pem \
-Config $ DIR/openssl. cnf-infiles $ DIR/server-req.pem
# Create client request and key
Openssl req-new-keyout $ dir/ client-key.pem-out \
$ DIR/client-req.pem-days 3600-config $ DIR/openssl. cnf
# Remove a passphrase from the key (optional)
Openssl rsa-in $ DIR/client-key.pem-out $ DIR/client-key.pem
# Sign client cert
Openssl ca-policy policy_anything-out $ DIR/client-cert.pem \
-Config $ DIR/openssl. cnf-infiles $ DIR/client-req.pem
5. modify option textParts
/Etc/my. cnf
[Client]
Ssl-ca = $ DIR/cacert. pem
Ssl-cert = $ DIR/client-cert.pem
Ssl-key = $ DIR/client-key.pem
[Mysqld]
Ssl-ca = $ DIR/cacert. pem
Ssl-cert = $ DIR/server-cert.pem
Ssl-key = $ DIR/server-key.pem
6. test mysql startup
$ DIR is the path of the option file my. cnf
Shell> mysqld -- defaults-file = $ DIR/my. cnf &
Then invoke a client program using the same option file:
Shell> mysql -- defaults-file = $ DIR/my. cnf
Run the following statement. if the following result is returned, the installation is successful.
Mysql> show variables like 'have _ openssl ';
+ --------------- + ------- +
| Variable_name | Value |
+ --------------- + ------- +
| Have_openssl | YES |
+ --------------- + ------- +
7. start MySQL daemon
/Usr/local/libexec/mysqld-u mysql & OR/usr/local/sbin/mysqld &