Shulou(Shulou.com)06/01 Report--

The method of creating SSL file by MySQL5.6

Official document: https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line

Create clean environment

Mkdir / home/mysql/mysqlcerts & & cd / home/mysql/mysqlcerts

Create CA certificate

Openssl genrsa 2048 > ca-key.pem

Openssl req-new-x509-nodes-days 3600-key ca-key.pem-out ca.pem

Create server certificate, remove passphrase, and sign it

Server-cert.pem = public key, server-key.pem = private key

Openssl req-newkey rsa:2048-days 3600-nodes-keyout server-key.pem-out server-req.pem

Openssl rsa-in server-key.pem-out server-key.pem

Openssl x509-req-in server-req.pem-days 3600-CA ca.pem-CAkey ca-key.pem-set_serial 01-out server-cert.pem

Create client certificate, remove passphrase, and sign it

Client-cert.pem = public key, client-key.pem = private key

Openssl req-newkey rsa:2048-days 3600-nodes-keyout client-key.pem-out client-req.pem

Openssl rsa-in client-key.pem-out client-key.pem

Openssl x509-req-in client-req.pem-days 3600-CA ca.pem-CAkey ca-key.pem-set_serial 01-out client-cert.pem

Openssl verify-CAfile ca.pem server-cert.pem client-cert.pem

Server-cert.pem: OK

Client-cert.pem: OK

The method of creating SSL file by MySQL5.7

Official document: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

Mkdir-p / home/mysql/mysqlcerts

/ usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup-- datadir=/home/mysql/mysqlcerts/

Configure the main library after creating the SSL

From the library 192.168.1.222

Mkdir-p / home/mysql/mysqlcerts

Main library

Chown-R mysql.mysql / home/mysql/mysqlcerts/

Scp ca.pem client-cert.pem client-key.pem root@192.168.1.222:/home/mysql/mysqlcerts/

Main library authorization

GRANT REPLICATION SLAVE ON *. * TO 'repl'@'192.168.1.222' identified by' require ssl

Main library my.cnf

# SSL

Ssl-ca=/home/mysql/mysqlcerts/ca.pem

Ssl-cert=/home/mysql/mysqlcerts/server-cert.pem

Ssl-key=/home/mysql/mysqlcerts/server-key.pem

Restart mysql

Slave library

Chown-R mysql.mysql / home/mysql/mysqlcerts/

My.cnf

Ssl-ca=/home/mysql/mysqlcerts/ca.pem

Ssl-cert= / home/mysql/mysqlcerts/client-cert.pem

Ssl-key= / home/mysql/mysqlcerts/client-key.pem

Create a replication:

Change master to master_host='',master_user='',master_password='',master_log_file='mysql-bin.000001',master_log_pos=154, master_ssl=1, master_ssl_ca='/home/mysql/mysqlcerts/ca.pem', master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem', master_ssl_key='/home/mysql/mysqlcerts/client-key.pem', MASTER_CONNECT_RETRY=10

Verify:

After the main library is configured with SSL authentication, the client logs in as SSL by default

Mysql-utest-h292.168.1.223-ptest-P3307

(the account can log in regardless of whether it is configured with or without require ssl)

The command not to log in as SSL is:

Mysql-utest-h292.168.1.223-ptest-P3307-- ssl-mode=DISABLED

(if the account is configured with require ssl, you cannot log in)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.