MySQL Forums :: JDBC and Java :: Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL
Re: Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL
Posted by: bob eff ()
Date: October 19, 2007 03:30PM
we got ssl working with mysql without requireSSL and without the client passing a cert on jdbc.
we defined the ssl variables in the my.cnf startup file:
[mysqld]
ssl-ca=/opt/mysql/certs/ca-cert.pem
ssl-cert=/opt/mysql/certs/server-cert.pem
ssl-key=/opt/mysql/certs/server-key.pem
i dont know if you have to do all three or not?
then, make sure the mysql server shows:
+---------------+-------------------------------------------+
| Variable_name | Value |
+---------------+-------------------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /opt/mysql/certs/ca-cert.pem
| ssl_capath | |
| ssl_cert | /opt/mysql/certs/server-cert.pem
| ssl_cipher | |
| ssl_key | /opt/mysql/certs/server-key.pem
+---------------+-------------------------------------------+
then in the jdbc connector URL, add the useSSL=true parameter:
url="jdbc:mysql://128.200.184.8:3306/codes?useSSL=true"
on unix, you can use snoop to see the packets being encrypted or unencrypted.
also, you can grant the user "require ssl" and they are forced to connect with SSL. otherwise, it's their option.
grant select, insert, update, delete, execute on test.* to username@'%' require ssl
Add your own comment.
we defined the ssl variables in the my.cnf startup file:
[mysqld]
ssl-ca=/opt/mysql/certs/ca-cert.pem
ssl-cert=/opt/mysql/certs/server-cert.pem
ssl-key=/opt/mysql/certs/server-key.pem
i dont know if you have to do all three or not?
then, make sure the mysql server shows:
+---------------+-------------------------------------------+
| Variable_name | Value |
+---------------+-------------------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /opt/mysql/certs/ca-cert.pem
| ssl_capath | |
| ssl_cert | /opt/mysql/certs/server-cert.pem
| ssl_cipher | |
| ssl_key | /opt/mysql/certs/server-key.pem
+---------------+-------------------------------------------+
then in the jdbc connector URL, add the useSSL=true parameter:
url="jdbc:mysql://128.200.184.8:3306/codes?useSSL=true"
on unix, you can use snoop to see the packets being encrypted or unencrypted.
also, you can grant the user "require ssl" and they are forced to connect with SSL. otherwise, it's their option.
grant select, insert, update, delete, execute on test.* to username@'%' require ssl
Add your own comment.
| Subject | Written By | Posted |
|---|---|---|
| Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL | Anders Rydqvist | 02/21/2007 08:05AM |
| Re: Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL | J A | 03/15/2007 10:05AM |
| Re: Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL | Bjørn Arild Kristiansen | 04/26/2007 01:57AM |
| Re: Please help me!!! Problem in establishing a SSL enabled connection from a Java application to MySQL | bob eff | 10/19/2007 03:30PM |
Sorry, you can't reply to this topic. It has been closed.
© 1995-2008 MySQL AB, 2008- Sun Microsystems, Inc.