-- Generating keys for MySQL SSL

1 Check whether SSL is already enabled
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
| ssl_ca        |          |
| ssl_capath    |          |
| ssl_cert      |          |
| ssl_cipher    |          |
| ssl_crl       |          |
| ssl_crlpath   |          |
| ssl_key       |          |
+---------------+----------+
9 rows in set (0.00 sec)

2 It is not enabled, so enable it
Set the ssl parameter at the end of my.cnf, then restart the MySQL service.
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
| ssl_ca        |       |
| ssl_capath    |       |
| ssl_cert      |       |
| ssl_cipher    |       |
| ssl_crl       |       |
| ssl_crlpath   |       |
| ssl_key       |       |
+---------------+-------+
9 rows in set (0.00 sec)

3 Generate the certificates with openssl; the keys are generated on the MySQL DB server
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/

3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem

[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server's hostname) []:mysql.yest.nos
Email Address []:xx@xx.com

3.3 openssl req -newkey  rsa:2048  -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey  rsa:2048  -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................+++
..........................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:ssh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server's hostname) []:mysql.yest.nos
Email Address []:xx@xx.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx

4 Generate the SSL files for the client on the MySQL DB server
4.1
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

[root@mysql newcerts]# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key

4.2 openssl  req -newkey  rsa:2048  -days 1000 -nodes -keyout client-key.pem > client-req.pem

[root@mysql newcerts]# openssl  req -newkey  rsa:2048  -days 1000 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.......+++
........................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server's hostname) []:mysql.yest.nos
Email Address []:cx@xx.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx

4.3
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

[root@mysql newcerts]# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
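
Added example (not from the original post): steps 3.1 to 4.3 run without prompts, followed by a check that both certificates chain to the CA and match their private keys. The CN values are constructed placeholders; they differ between the CA and the server/client certificates because MySQL's documentation requires that for OpenSSL builds.

```sh
# gen_certs DIR: CA, server and client key/cert pairs, as in steps 3.1-4.3.
gen_certs() (
    mkdir -p "$1" && cd "$1" || exit 1
    openssl genrsa -out ca-key.pem 2048 2>/dev/null || exit 1
    chmod 600 ca-key.pem            # mysqld never needs the CA private key
    # Constructed CN; must not be reused for the server or client below.
    openssl req -new -x509 -nodes -days 1000 -key ca-key.pem \
        -subj "/CN=example-mysql-ca" -out ca-cert.pem || exit 1
    serial=1
    for role in server client; do
        # -subj suppresses the interactive DN and challenge-password prompts.
        openssl req -newkey rsa:2048 -nodes -keyout "$role-key.pem" \
            -subj "/CN=$role.db.example" -out "$role-req.pem" 2>/dev/null || exit 1
        openssl x509 -req -in "$role-req.pem" -days 1000 -CA ca-cert.pem \
            -CAkey ca-key.pem -set_serial "$serial" \
            -out "$role-cert.pem" 2>/dev/null || exit 1
        serial=$((serial + 1))      # one serial per certificate from this CA
    done
)

# pub_hash: digest of a PEM public key read from stdin.
pub_hash() { openssl sha256 | sed 's/^.*= *//'; }

# check_certs DIR: succeeds only if both certificates verify against
# ca-cert.pem and each certificate's public key matches its private key.
check_certs() (
    cd "$1" || exit 1
    ok=$(openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem \
            2>/dev/null | grep -c ': OK$')
    [ "$ok" -eq 2 ] || exit 1
    for role in server client; do
        from_cert=$(openssl x509 -in "$role-cert.pem" -noout -pubkey | pub_hash)
        from_key=$(openssl pkey -in "$role-key.pem" -pubout 2>/dev/null | pub_hash)
        [ "$from_cert" = "$from_key" ] || exit 1
    done
)
```

Run gen_certs /etc/mysql/newcerts and then check_certs /etc/mysql/newcerts. On the server, ssl-ca, ssl-cert and ssl-key under [mysqld] in my.cnf then point at ca-cert.pem, server-cert.pem and server-key.pem.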

5 Copy the 3 client.* files to /opt/mysql/ssl/ on the client machine.

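6 Log in to verify
The client presents its own certificate and key (client-cert.pem, client-key.pem); server-key.pem stays on the server. ca-cert.pem must also be present in /opt/mysql/ssl/ for --ssl-ca.
mysql -uxxx -pxxxx --ssl-ca=/opt/mysql/ssl/ca-cert.pem --ssl-cert=/opt/mysql/ssl/client-cert.pem --ssl-key=/opt/mysql/ssl/client-key.pem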

Reference: http://www.docin.com/p-151590189.html

Reposted from: https://www.cnblogs.com/snake-hand/archive/2013/06/09/3130005.html
