We usually add the --with-openssl option when compiling MySQL, but this does not mean that MySQL already supports OpenSSL connections. We can use the following statement to check:
SHOW VARIABLES LIKE 'have_openssl';
If DISABLED is displayed, MySQL does not support OpenSSL connections yet.
Create an SSL Certificate
; Create several directories and files
mkdir /usr/local/myssl
cd /usr/local/myssl
mkdir private newcerts
touch index.txt
echo "01" > serial
; Copy the default OpenSSL configuration to the current directory.
cp /usr/local/openssl.cnf .
; Modify openssl.cnf in the current directory, replacing ./demoCA with /usr/local/myssl. For details on using replace, see its man page.
replace ./demoCA /usr/local/myssl -- /usr/local/myssl/openssl.cnf
; Create a root certificate
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -config openssl.cnf
# Sample output:
# Using configuration from /usr/local/myssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ......
# ......
# Writing new private key to '/usr/local/myssl/private/cakey.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
#-----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
#-----
# Country Name (2 letter code) [AU]: CN
# State or Province Name (full name) [Some-State]: ZJ
# Locality Name (eg, city) []: JX
# Organization Name (eg, company) [Internet Widgits Pty Ltd]: Centeur CA
# Organizational Unit Name (eg, section) []: HN
# Common Name (eg, YOUR name) []: MySQL admin
# Email Address []: lypdarling@gmail.com
; Create a server certificate
openssl req -new -keyout server-key.pem -out server-req.pem -days 3600 -config openssl.cnf
# Sample output:
# Using configuration from /usr/local/myssl/openssl.cnf
# Generating a 1024 bit RSA private key
#... ++
# ......
# Writing new private key to '/usr/local/myssl/server-key.pem'
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
#-----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter '.', the field will be left blank.
#-----
# Country Name (2 letter code) [AU]: CN
# State or Province Name (full name) [Some-State]: ZJ
# Locality Name (eg, city) []: JX
# Organization Name (eg, company) [Internet Widgits Pty Ltd]: Centeur CA
# Organizational Unit Name (eg, section) []: HN
# Common Name (eg, YOUR name) []: MySQL server
# Email Address []: lypdarling@gmail.com
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
; Remove passphrase from server-key (optional)
openssl rsa -in server-key.pem -out server-key.pem
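The following check is an added example, not part of the original article: a shell function that inspects the files the steps above leave in the certificate directory and reports an unprotected CA key, a weak request key, or an unencrypted server key that group or other users can read. The function name audit_myssl and the 2048-bit minimum are assumptions made for this example.

```sh
# Added example, not from the original article. audit_myssl is a hypothetical
# helper; the 2048-bit minimum is an assumed policy. Returns the finding count.
audit_myssl() {
    dir=$1; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. The CA key must stay passphrase-protected; the steps above only
    #    strip the passphrase from server-key.pem.
    grep -q ENCRYPTED "$dir/private/cakey.pem" 2>/dev/null ||
        note "private/cakey.pem is missing or not encrypted"

    # 2. A root certificate is self-issued: subject and issuer hashes match.
    subj=$(openssl x509 -in "$dir/cacert.pem" -noout -subject_hash 2>/dev/null) || subj=
    iss=$(openssl x509 -in "$dir/cacert.pem" -noout -issuer_hash 2>/dev/null) || iss=
    [ -n "$subj" ] && [ "$subj" = "$iss" ] ||
        note "cacert.pem is missing or not a self-issued root"

    # 3. The request must verify against its own public key, and that key
    #    should be at least 2048 bits (the sample output shows 1024).
    req=$dir/server-req.pem
    if openssl req -in "$req" -noout -verify 2>&1 | grep -q "verify OK"; then
        bits=$(openssl req -in "$req" -noout -text 2>/dev/null |
               sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p')
        [ "${bits:-0}" -ge 2048 ] || note "server-req.pem key is ${bits:-?} bits"
    else
        note "server-req.pem is missing or fails signature verification"
    fi

    # 4. Without a passphrase, file mode is the key's only protection:
    #    an unencrypted server key must have no group/other permission bits.
    key=$dir/server-key.pem
    if [ ! -f "$key" ]; then
        note "server-key.pem is missing"
    elif ! grep -q ENCRYPTED "$key"; then
        perms=$(ls -l "$key" | cut -c5-10)
        [ "$perms" = "------" ] ||
            note "server-key.pem is unencrypted with group/other bits $perms"
    fi
    return "$findings"
}
```

Call it as audit_myssl /usr/local/myssl after the last step; an exit status of 0 means no findings.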