
Advanced Study: Setting Up an SSL Connection Channel for MySQL

We usually add the with-openssl option when compiling MySQL, but that does not mean MySQL already supports OpenSSL connections. We can check with the following command:

SHOW VARIABLES LIKE "have_openssl";
If it shows DISABLED, MySQL does not yet support OpenSSL.
Creating the SSL certificates
;;Create a few directories and files
mkdir /usr/local/myssl
cd /usr/local/myssl
mkdir private newcerts
touch index.txt
echo "01" > serial
;;Copy OpenSSL's default configuration to the current directory
cp /usr/local/openssl/openssl.cnf .
;;Edit openssl.cnf in the current directory, replacing ./demoCA with /usr/local/myssl; see man for the exact usage of replace
replace ./demoCA /usr/local/myssl -- /usr/local/myssl/openssl.cnf
;;Create the root certificate
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -config openssl.cnf
# Sample output:
# Using configuration from /usr/local/myssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ................++++++
# .........++++++
# writing new private key to "/usr/local/myssl/private/cakey.pem"
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter ".", the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:CN
# State or Province Name (full name) [Some-State]:ZJ
# Locality Name (eg, city) []:JX
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Centeur CA
# Organizational Unit Name (eg, section)[] :HN
# Common Name (eg, YOUR name)[] :MySQL admin
# Email Address []:lypdarling@gmail.com
;;Create the server certificate
openssl req -new -keyout server-key.pem -out server-req.pem -days 3600 -config openssl.cnf
# Sample output:
# Using configuration from /usr/local/myssl/openssl.cnf
# Generating a 1024 bit RSA private key
# ..++++++
# ..........++++++
# writing new private key to "/usr/local/myssl/server-key.pem"
# Enter PEM pass phrase:
# Verifying password - Enter PEM pass phrase:
# -----
# You are about to be asked to enter information that will be
# incorporated into your certificate request.
# What you are about to enter is what is called a Distinguished Name
# or a DN.
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value,
# If you enter ".", the field will be left blank.
# -----
# Country Name (2 letter code) [AU]:CN
# State or Province Name (full name) [Some-State]:ZJ
# Locality Name (eg, city) []:JX
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Centeur CA
# Organizational Unit Name (eg, section) []:HN
# Common Name (eg, YOUR name) []:MySQL server
# Email Address []:lypdarling@gmail.com
#
# Please enter the following "extra" attributes
# to be sent with your certificate request
# A challenge password []:
# An optional company name []:
;;Remove the passphrase from server-key (optional)
openssl rsa -in server-key.pem -out server-key.pem
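
After the optional passphrase-removal step, server-key.pem is stored unencrypted, so file permissions are its only protection. The script below is an added example, not part of the original article: it reports whether a PEM private key is passphrase-protected and whether group or others can access it. The function names key_state, key_perms_ok and audit_key are hypothetical.

```shell
#!/bin/sh
# Added example: audit a PEM private key such as server-key.pem.

# key_state FILE prints "encrypted", "plaintext" or "unknown",
# judged only from the PEM header lines.
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 key protected by a passphrase
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional PEM key protected by a passphrase
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext      # key material readable by anyone who can read the file
    else
        echo unknown
    fi
}

# key_perms_ok FILE succeeds only if group and others have no access bits.
key_perms_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)   # characters 5-10 of the mode string
    [ "$perms" = "------" ]
}

# audit_key FILE prints findings; returns 0 if acceptable, 1 if the file
# is accessible to group or others, 2 if it is not a recognised private key.
audit_key() {
    state=$(key_state "$1")
    rc=0
    if [ "$state" = unknown ]; then
        echo "$1: not a recognised PEM private key"
        return 2
    fi
    if [ "$state" = plaintext ]; then
        echo "$1: stored without a passphrase"
    fi
    if ! key_perms_ok "$1"; then
        echo "$1: accessible to group or others, run: chmod 600 $1"
        rc=1
    fi
    return $rc
}

# Usage: sh audit-key.sh /usr/local/myssl/server-key.pem
if [ -n "${1:-}" ]; then
    audit_key "$1"
fi
```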