MySQL Forums
Forum List  »  Security

Re: Enabling SSL
Posted by: Georgi Kodinov
Date: October 12, 2017 03:04AM

Disclaimer: I assume you're using MySQL 5.7. Things described below can work on earlier versions too, but it'd be partially and maybe you'd need to use now obsolete options.

I suggest you consider using the mysql tools to generate the certificates needed: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

At a glance what's missing from your script above is the server/client certificate signing by the self-signed CA.

You also only configured SSL on the server. The client is left to its defaults. The defaults are good (--ssl-mode=preferred). But they are not perfect (i.e. if the SSL establishment fails for any reason it'd happily fall back to a non-encrypted connection.

So I'd consider doing --ssl-mode=required or even --ssl-mode=verify_ca/verify_identity ...

See https://dev.mysql.com/doc/refman/5.7/en/encrypted-connection-options.html#option_general_ssl-mode for more details.

This would of course require at least a CA certificate on the client too.

Options: ReplyQuote


Subject
Views
Written By
Posted
2110
August 22, 2017 10:02AM
Re: Enabling SSL
755
October 12, 2017 03:04AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.