mysql通过ssl的方式生成秘钥
2013-06-09 12:18
429 查看
-- mysql ssl 生成秘钥
1 check ssl是否已经开启
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+
9 rows in set (0.00 sec)
2 没有开启,所以打开
在my.cnf末尾端设置ssl 参数, 然后重新启动mysql服务即可
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+-------+
9 rows in set (0.00 sec)
3 通过openssl生成证书的配置, 在mysql db server上生成秘钥
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/
3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
3.3 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................+++
..........................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:ssh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4 在mysql db server客户端生成ssl文件
4.1 openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
[root@mysql newcerts]# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
4.2 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.......+++
........................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:cx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4.3
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
[root@mysql newcerts]# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
5
[]copy clent.* 3个文件到客户端机器上面/opt/mysql/ssl/去。
6 登陆验证
mysql -uxxx -pxxxx --ssl-ca=/opt/mysql/ssl/ca-cert.pem --ssl-cert=/opt/mysql/ssl/server-cert.pem --ssl-key=/opt/mysql/ssl/server-key.pem
conferce:http://www.docin.com/p-151590189.html
1 check ssl是否已经开启
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+
9 rows in set (0.00 sec)
2 没有开启,所以打开
在my.cnf末尾端设置ssl 参数, 然后重新启动mysql服务即可
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+-------+
9 rows in set (0.00 sec)
3 通过openssl生成证书的配置, 在mysql db server上生成秘钥
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/
3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
3.3 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................+++
..........................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:ssh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4 在mysql db server客户端生成ssl文件
4.1 openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
[root@mysql newcerts]# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
4.2 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.......+++
........................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:cx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4.3
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
[root@mysql newcerts]# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
5
[]copy clent.* 3个文件到客户端机器上面/opt/mysql/ssl/去。
6 登陆验证
mysql -uxxx -pxxxx --ssl-ca=/opt/mysql/ssl/ca-cert.pem --ssl-cert=/opt/mysql/ssl/server-cert.pem --ssl-key=/opt/mysql/ssl/server-key.pem
conferce:http://www.docin.com/p-151590189.html
相关文章推荐
- mysql通过ssl的方式生成秘钥具体生成步骤
- mysql通过ssl的方式生成秘钥
- mysql通过ssl的方式生成秘钥具体生成步骤
- Mybatis Generator的model生成中文注释,支持oracle和mysql(通过修改源码的方式来实现)
- Mybatis Generator的model生成中文注释,支持oracle和mysql(通过修改源码的方式来实现)
- Mybatis 通过配置文件generatorConfig.xml生成文件--main方法执行方式
- Linux系统下以RPM方式安装mysql-5.7.9【5.7版本以后,启动mysqld服务首次登录需要密码,为root生成的随机密码在错误日志文件/var/log/mysqld.log】
- mysql 动态增加列,查找表中有多少列,具体什么列。 通过JSON生成mysql表 支持子JSON
- Ubuntu 11.04 Natty Narwhal 下如何通过打印输出方式生成 PDF 文件
- [Axis2与Eclipse整合开发Web Service系列之二] Top-Down方式,通过WSDL逆向生成服务端
- VS2013通过MySQL方式连接到MySQL
- mysql 存储过程 通过存储过程的方式简化sql操作
- Centos6.5下通过 yum 方式安装 MySQL5.6.26
- 如何通过HTTPS(SSL加密)方式访问webservice
- [Axis2与Eclipse整合开发Web Service系列之二] Top-Down方式,通过WSDL逆向生成服务端
- 使用CloudFlare 的 PKI 工具集 cfssl 来生成 Certificate Authority (CA) 证书和秘钥文件
- mysqlhotcopy 通过ftp方式异地备份数据库
- Mybatis Generator的model生成中文注释,支持oracle和mysql(通过实现CommentGenerator接口的方法来实现)
- Python 生成MySQL 管理员随机复杂秘钥
- IBM Rational Software Architect 通过编程方式生成UML模型