MySQL Forums
Forum List  »  Security

Re: Each instance with diferrent ssl CA and cert and key, while use jdbc:mysql:loadbalance protocol, how to hot swap ca info for each query?
Posted by: Tiger Woo
Date: October 17, 2017 08:35PM

Thank Georgi for your warmly help!

Due to i use mysql_ssl_rsa_setup to generate ca and cert and key files in script file. Also in this file,i use keytool to generate keystore file and truststore auto. finally, i run this script file on each mysql node to finish install and deploy and all configure operation. So it generate different ca file and so on. for each mysql node, they do not know each other, and use a monitor center to maintain their's master or slave role and build master-slave relationship for all slave nodes.

For all slave nodes ,i hope to use jdbc:mysql:loadbalance:// protocol to visit db with ssl. And according your suggestion, only need i add all cas file to ssl_context. now i know use System.setproperty or use --clientCertificateKeyStoreUrl parameter to append jdbc url to add cas to ssl_context. i don't know if value of clientCertificateKeyStoreUrl can append with more than one keystore file?

Options: ReplyQuote




Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.