MySQL Forums
Forum List  »  Security

Advanced Search
New Topic

Re: Each instance with diferrent ssl CA and cert and key, while use jdbc:mysql:loadbalance protocol, how to hot swap ca info for each query?
Posted by: Georgi Kodinov
Date: October 18, 2017 04:25AM

You will need to ask your JDBC question in the JDBC forum. JDBC is not my forte.
In theory the TLS supports multiple CA certs. So it should work in theory.

As for using mysql_ssl_rsa_setup: this is definitely not what it was designed to do (provision a replication topology with key material).

There are also a number of trust issues that cannot be resolved without a proper CA. Like for example the private keys should be generated on premise and should never leave the machine they'll be used on. It's very hard to observe this when running a single instance of mysql_ssl_rsa_setup.

So I doubt mysql_ssl_rsa_setup is the right tool for what you need.

I'd suggest you consider running your own in-house CA or using a 3d party one (commercial or not).
Googling "running your own CA with openssl" gives plenty of good ideas on how to do it manually. Some OSes do it too.

It's all a matter of whom do you trust. Once you establish this there's plenty of tools to implement your decision.

Navigate: Previous MessageNext Message
Options: ReplyQuote




Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.