In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
The method of creating SSL file by MySQL5.6
Official document: https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line
Create clean environment
Mkdir / home/mysql/mysqlcerts & & cd / home/mysql/mysqlcerts
Create CA certificate
Openssl genrsa 2048 > ca-key.pem
Openssl req-new-x509-nodes-days 3600-key ca-key.pem-out ca.pem
Create server certificate, remove passphrase, and sign it
Server-cert.pem = public key, server-key.pem = private key
Openssl req-newkey rsa:2048-days 3600-nodes-keyout server-key.pem-out server-req.pem
Openssl rsa-in server-key.pem-out server-key.pem
Openssl x509-req-in server-req.pem-days 3600-CA ca.pem-CAkey ca-key.pem-set_serial 01-out server-cert.pem
Create client certificate, remove passphrase, and sign it
Client-cert.pem = public key, client-key.pem = private key
Openssl req-newkey rsa:2048-days 3600-nodes-keyout client-key.pem-out client-req.pem
Openssl rsa-in client-key.pem-out client-key.pem
Openssl x509-req-in client-req.pem-days 3600-CA ca.pem-CAkey ca-key.pem-set_serial 01-out client-cert.pem
Openssl verify-CAfile ca.pem server-cert.pem client-cert.pem
Server-cert.pem: OK
Client-cert.pem: OK
The method of creating SSL file by MySQL5.7
Official document: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html
Mkdir-p / home/mysql/mysqlcerts
/ usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup-- datadir=/home/mysql/mysqlcerts/
Configure the main library after creating the SSL
From the library 192.168.1.222
Mkdir-p / home/mysql/mysqlcerts
Main library
Chown-R mysql.mysql / home/mysql/mysqlcerts/
Scp ca.pem client-cert.pem client-key.pem root@192.168.1.222:/home/mysql/mysqlcerts/
Main library authorization
GRANT REPLICATION SLAVE ON *. * TO 'repl'@'192.168.1.222' identified by' require ssl
Main library my.cnf
# SSL
Ssl-ca=/home/mysql/mysqlcerts/ca.pem
Ssl-cert=/home/mysql/mysqlcerts/server-cert.pem
Ssl-key=/home/mysql/mysqlcerts/server-key.pem
Restart mysql
Slave library
Chown-R mysql.mysql / home/mysql/mysqlcerts/
My.cnf
Ssl-ca=/home/mysql/mysqlcerts/ca.pem
Ssl-cert= / home/mysql/mysqlcerts/client-cert.pem
Ssl-key= / home/mysql/mysqlcerts/client-key.pem
Create a replication:
Change master to master_host='',master_user='',master_password='',master_log_file='mysql-bin.000001',master_log_pos=154, master_ssl=1, master_ssl_ca='/home/mysql/mysqlcerts/ca.pem', master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem', master_ssl_key='/home/mysql/mysqlcerts/client-key.pem', MASTER_CONNECT_RETRY=10
Verify:
After the main library is configured with SSL authentication, the client logs in as SSL by default
Mysql-utest-h292.168.1.223-ptest-P3307
(the account can log in regardless of whether it is configured with or without require ssl)
The command not to log in as SSL is:
Mysql-utest-h292.168.1.223-ptest-P3307-- ssl-mode=DISABLED
(if the account is configured with require ssl, you cannot log in)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.