Shulou(Shulou.com)06/01 Report--

SSL is a copy of an e-certificate, such as a driver's license and a business license, that keeps confidential documents confidential on the website. The main function of SSL certificate is to provide authentication for users and servers, encrypt and hide the transmitted data, and ensure that the data will not be changed during transmission, that is, the integrity of the data. The principle of SSL is the process of key negotiation-- TLS handshake. SSL principle is to better protect the security of data transmission. At present, commercial SSL certificates on the market can easily cost several thousand yuan, or as little as several hundred yuan. Now many people are applying for SSL certificates. Let's focus on MySQL SSL encrypted connections.

Background of MySQL SSL

When unencrypted SSL is used to connect to a MySQL database, all information transmitted on the network is in clear text

It can be intercepted by everyone in the network, and sensitive information may be disclosed. When transmitting sensitive information, such as passwords, you can use a SSL connection.

Therefore, many websites have turned on SSL functions by default, such as Facebook, Twtter, YouTube, Taobao and so on.

SSL connection

1. Confidentiality of data transmission: symmetric key algorithm is used to encrypt the transmitted data.

2. Authentication mechanism: now the certificate basically uses the electronic signature to authenticate the server and the client. It is worth noting that the authentication of the client is optional.

Install and configure SSL

(5.7.6 + version configuration. If the version is less than 5.7.6, the authentication file and secret key must be generated by openssl)

Modify permissions:

Chown mysql.mysql * .pem

View the authentication file and key file generated under datadir:

Restart mysql

Service mysqld stop

Service mysqld start

View ssl status and file location

Through ssl connection mode

Create a ssl test user, specifying that you can only connect through ssl (users who do not specify ssl can log in either through a username and password or through ssl)

Create user ssl_test@'%' identified by '123456'

Grant all on *. * to ssl_test@'%' identified by '123456'require ssl

Flush privileges

Connect via ssl by default, or do not add-- ssl-mode

5.7 client only has-- ssl-mode parameter, the old version had to use ssl-ca,ssl-cert,ssl-key to specify the file.

Connect via ssl+ secret key (more secure)

Create an x509 test user and specify that you can only connect through x509 encryption

Create user x509 laboratory tests% 'identified by' 123456'

Grant all on *. * to x509% 'identitifed by' 123456'require x509

Flush privileges

(the remote connection must copy the authentication file and key file to the remote server)

SSL certificate securely encrypts the website, which can effectively prevent hijacking, prevent your website from being maliciously implanted with advertisements, prevent tampering and monitoring from leaking users' passwords, and optimize the SEO ranking of search engines with SSL certificates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.