mysql通過ssl的方式生成秘鑰具體生成步驟
2024-07-24 12:48:28
供稿:網友
-- mysql ssl 生成秘鑰
1 check ssl是否已經開啟
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+
9 rows in set (0.00 sec)
2 沒有開啟,所以打開
在my.cnf末尾端設置ssl 參數, 然后重新啟動mysql服務即可
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+-------+
9 rows in set (0.00 sec)
3 通過openssl生成證書的配置, 在mysql db server上生成秘鑰
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/
3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
3.3 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................+++
..........................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:ssh
Organization Name (eg, company) [Default Company Ltd]:xx
