–mysqlssl生成秘钥
1checkssl是否已经开启
mysql>showvariableslike’%ssl%’;
+—————+———-+
|Variable_name|Value|
+—————+———-+
|have_openssl|DISABLED|
|have_ssl|DISABLED|
|ssl_ca||
|ssl_capath||
|ssl_cert||
|ssl_cipher||
|ssl_crl||
|ssl_crlpath||
|ssl_key||
+—————+———-+
9rowsinset(0.00sec)
2没有开启,所以打开
在my.cnf末尾端设置ssl参数,然后重新启动mysql服务即可
mysql>showvariableslike’%ssl%’;
+—————+——-+
|Variable_name|Value|
+—————+——-+
|have_openssl|YES|
|have_ssl|YES|
|ssl_ca||
|ssl_capath||
|ssl_cert||
|ssl_cipher||
|ssl_crl||
|ssl_crlpath||
|ssl_key||
+—————+——-+
9rowsinset(0.00sec)
3通过openssl生成证书的配置,在mysqldbserver上生成秘钥
mkdir-p/etc/mysql/newcerts/
cd/etc/mysql/newcerts/
3.1opensslgenrsa2048>ca-key.pem
3.2opensslreq-new-x509-nodes-days1000-keyca-key.pem>ca-cert.pem
[root@mysqlnewcerts]#opensslreq-new-x509-nodes-days1000-keyca-key.pem>ca-cert.pem
Youareabouttobeaskedtoenterinformationthatwillbeincorporated
intoyourcertificaterequest.
WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
Therearequiteafewfieldsbutyoucanleavesomeblank
Forsomefieldstherewillbeadefaultvalue,
Ifyouenter’.’,thefieldwillbeleftblank.
—–
CountryName(2lettercode)[XX]:ch
StateorProvinceName(fullname)[]:shh
LocalityName(eg,city)[DefaultCity]:shh
OrganizationName(eg,company)[DefaultCompanyLtd]:xx
OrganizationalUnitName(eg,section)[]:db
CommonName(eg,yournameoryourserver”shostname)[]:mysql.yest.nos
EmailAddress[]:xx@xx.com
3.3opensslreq-newkeyrsa:2048-days1000-nodes-keyoutserver-key.pem>server-req.pem
[root@mysqlnewcerts]#opensslreq-newkeyrsa:2048-days1000-nodes-keyoutserver-key.pem>server-req.pem
Generatinga2048bitRSAprivatekey
………………………………………………………………………………………….+++
………………………………………………….+++
writingnewprivatekeyto’server-key.pem’
—–
Youareabouttobeaskedtoenterinformationthatwillbeincorporated
intoyourcertificaterequest.
WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
Therearequiteafewfieldsbutyoucanleavesomeblank
Forsomefieldstherewillbeadefaultvalue,
Ifyouenter’.’,thefieldwillbeleftblank.
—–
CountryName(2lettercode)[XX]:ch
StateorProvinceName(fullname)[]:shh
LocalityName(eg,city)[DefaultCity]:ssh
OrganizationName(eg,company)[DefaultCompanyLtd]:xx
OrganizationalUnitName(eg,section)[]:db
CommonName(eg,yournameoryourserver”shostname)[]:mysql.yest.nos
EmailAddress[]:xx@xx.com
Pleaseenterthefollowing’extra’attributes
tobesentwithyourcertificaterequest
Achallengepassword[]:820923
Anoptionalcompanyname[]:xx
4在mysqldbserver客户端生成ssl文件
4.1opensslx509-req-inserver-req.pem-days1000-CAca-cert.pem-CAkeyca-key.pem-set_serial01>server-cert.pem
[root@mysqlnewcerts]#opensslx509-req-inserver-req.pem-days1000-CAca-cert.pem-CAkeyca-key.pem-set_serial01>server-cert.pem
Signatureok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
GettingCAPrivateKey
4.2opensslreq-newkeyrsa:2048-days1000-nodes-keyoutclient-key.pem>client-req.pem
[root@mysqlnewcerts]#opensslreq-newkeyrsa:2048-days1000-nodes-keyoutclient-key.pem>client-req.pem
Generatinga2048bitRSAprivatekey
…….+++
………………………………………………..+++
writingnewprivatekeyto’client-key.pem’
—–
Youareabouttobeaskedtoenterinformationthatwillbeincorporated
intoyourcertificaterequest.
WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
Therearequiteafewfieldsbutyoucanleavesomeblank
Forsomefieldstherewillbeadefaultvalue,
Ifyouenter’.’,thefieldwillbeleftblank.
—–
CountryName(2lettercode)[XX]:ch
St ateorProvinceName(fullname)[]:shh
LocalityName(eg,city)[DefaultCity]:shh
OrganizationName(eg,company)[DefaultCompanyLtd]:xx
OrganizationalUnitName(eg,section)[]:db
CommonName(eg,yournameoryourserver”shostname)[]:mysql.yest.nos
EmailAddress[]:cx@xx.com
Pleaseenterthefollowing’extra’attributes
tobesentwithyourcertificaterequest
Achallengepassword[]:820923
Anoptionalcompanyname[]:xx
4.3
opensslx509-req-inclient-req.pem-days1000-CAca-cert.pem-CAkeyca-key.pem-set_serial01>client-cert.pem
[root@mysqlnewcerts]#opensslx509-req-inclient-req.pem-days1000-CAca-cert.pem-CAkeyca-key.pem-set_serial01>client-cert.pem
Signatureok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
GettingCAPrivateKey
5
[]copyclent.*3个文件到客户端机器上面/opt/mysql/ssl/去。
6登陆验证
mysql-uxxx-pxxxx–ssl-ca=/opt/mysql/ssl/ca-cert.pem–ssl-cert=/opt/mysql/ssl/server-cert.pem–ssl-key=/opt/mysql/ssl/server-key.pem
conferce:https://www.docin.com/p-151590189.html 您可能感兴趣的文章:linux系统中使用openssl实现mysql主从复制多种不同的MySQL的SSL配置MySQL基于SSL协议进行主从复制的详细操作教程多种不同的MySQL的SSL配置mysqlshowprocesslist显示mysql查询进程通过mysqlshowprocesslist命令检查mysql锁的方法processlist命令查看mysql线程Apache、SSL、MySQL和PHP平滑无缝地安装apache+mysql+php+ssl服务器之完全安装攻略MySQL使用SSL连接配置详解
批量清除128组节点db上面过期的binlog释放磁盘空间实现思路
浅谈MySQL存储引擎选择 InnoDB与MyISAM的优缺点分析
上述就是数据库技术:mysql通过ssl的方式生成秘钥具体生成步骤分享的全部内容,如果对大家有所用处且需要了解更多关于mysql数据库学习教程,希望大家多多关注—计算机技术网(www.ctvol.com)!
本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。
ctvol管理联系方式QQ:251552304
本文章地址:https://www.ctvol.com/dtteaching/910685.html