MySQL Forums

Enabling SSL
Posted by: davide marchi
Date: August 22, 2017 10:02AM

Hi friends,
I'm wondering about MySQL replication.
I've now added the "ssl" parameter to my.conf and also inserted the certificate paths as shown below, but when I try to verify it I get:

mysql> show variables like '%ssl%';
+---------------+----------------------------------------+
| Variable_name | Value                                  |
+---------------+----------------------------------------+
| have_openssl  | DISABLED                               |
| have_ssl      | DISABLED                               |
| ssl_ca        | /etc/mysql/certificati/ca-cert.pem     |
| ssl_capath    |                                        |
| ssl_cert      | /etc/mysql/certificati/server-cert.pem |
| ssl_cipher    |                                        |
| ssl_key       | /etc/mysql/certificati/server-key.pem  |
+---------------+----------------------------------------+


This is the configuration:
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover = BACKUP
query_cache_limit = 1M
query_cache_size = 16M
log_error = /var/log/mysql/error.log
server-id = 1
log_bin = /var/log/mysql/replication.log
binlog-format = mixed
innodb_flush_log_at_trx_commit=1
sync_binlog = 1
expire_logs_days = 7
max_binlog_size = 100M
binlog_do_db = mailserver
ssl
ssl-ca=/etc/mysql/certificati/ca-cert.pem
ssl-cert=/etc/mysql/certificati/server-cert.pem
ssl-key=/etc/mysql/certificati/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
[isamchk]
key_buffer = 16M
!includedir /etc/mysql/conf.d/


The certs were generated by:

Create CA certificate (4096 bit):

openssl genrsa 4096 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem

Create server certificate (4096 bit):

openssl req -newkey rsa:4096 -days 1000 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Create client certificate (4096 bit):

openssl req -newkey rsa:4096 -days 1000 -nodes -keyout client-key.pem > client-req.pem
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
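
A pre-flight check for the files named by ssl-ca, ssl-cert and ssl-key, as an added example that is not part of the original post: it confirms that the account running it can read all three files, that the server certificate verifies against the CA, and that the private key belongs to the certificate. The function name and script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Run it as the account mysqld
# uses (user = mysql in the posted config), for instance:
#   sudo -u mysql bash check_tls.sh ca-cert.pem server-cert.pem server-key.pem
# check_tls.sh is a hypothetical file name for this script.

check_mysql_tls_files() {   # hypothetical helper name
    local ca="$1" cert="$2" key="$3" rc=0 f cert_pub key_pub

    # 1. Every file must be readable by the user running the check.
    for f in "$ca" "$cert" "$key"; do
        if [ ! -r "$f" ]; then echo "FAIL: cannot read $f"; rc=1; fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The server certificate must chain to the CA certificate.
    #    Match on the "OK" line instead of trusting the exit status alone.
    if openssl verify -CAfile "$ca" "$cert" 2>&1 | grep -q ': OK$'; then
        echo "OK:   $cert verifies against $ca"
    else
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi

    # 3. The private key must belong to the certificate: the public key
    #    embedded in the certificate has to equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK:   $key matches $cert"
    else
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 4. Informational: PEM container of the key. MySQL builds linked against
    #    yaSSL read only the traditional "BEGIN RSA PRIVATE KEY" form.
    echo "INFO: key header: $(grep -m1 -e '-----BEGIN' "$key")"

    return "$rc"
}

# Run the check only when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then check_mysql_tls_files "$@"; fi
```

A non-zero exit status means at least one FAIL line was printed; the INFO line never affects the result.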
