Avatar
http://stackoverflow.com/questions/2045 ... 4#23599624
1.- generate CA key and certificate(2 commands create 2 files)
openssl genrsa 2048 >ca.key //creates ca.key
openssl req -new -x509 -nodes -days 3600 -key 'ca.key' > 'ca.crt' //creates certificate
2.- generate server key and signed certificate(2 commands create 3 files)
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout 'server.key' > server.csr' //create key and csr
openssl x509 -req -in 'server.csr' -days 3600 -CA 'ca.crt' -CAkey 'ca.key' -set_serial 01 > 'server.crt' //creates certificate
3.- generate client key and certificate (2 commands create 3 files)
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout 'client.key' > 'client.csr' //creates key and csr
openssl x509 -req -in 'client.csr' -days 3600 -CA 'ca.crt' -CAkey 'ca.key' -set_serial 01 > 'client.crt'
4.- create SSL user:
GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'secret-passwd' REQUIRE SSL;
5.- update my.cnf
[mysqld]
ssl-ca = "ca.crt"
ssl-cert = "server.crt"
ssl-key = "server.key"
[client]
ssl-ca=ca.crt
ssl-cert=client.crt
ssl-key=client.key
//MySQL workbench, use: ca.key, client.crt and client.key without password:
openssl rsa -in client.key -out client-nopasswd.key
Comments
Comments are not available for this entry.