I'm seeking to clear some information up for myself involving remote SSL connections to MySQL. Particularly, once I have MySQL set up to enable SSL and have a remote user that requires SSL.
This is how I connect (command line), remotely, to MySQL with a user that requires SSL:
mysql -uMyUserName -p -h192.168.5.5 --ssl-ca /path/to/ca.pem
My question is: Why do I have to provide the ca.pem file as the client?
These are the steps I took to install MySQL on the server and set up remote access (Ubuntu):
Steps to Enable SSL for MySQL
1) Obtain my Certificate Authority cert, Database cert, Database key
ca.pem (Certificate Authority cert)
dbcert.pem (Database cert)
dbkey.pem (Database key)
2) Add the following lines to /etc/mysql/my.cnf under [mysqld]
ssl-ca=/path/to/ca.pem
ssl-cert=/path/to/dbcert.pem
ssl-key=/path/to/dbkey.pem
3) Restart mysql and confirm that SSL is enabled by logging in and typing:
show variables like '%ssl%';
Configure Remote Connections That Require SSL
1) Comment out the following lines in /etc/mysql/my.cnf:
#bind-address
#skip-networking
2) Log in to mysql and grant a user access to all databases, for example:
GRANT ALL PRIVILEGES ON *.* TO '用户名'@'%' IDENTIFIED BY '密码' REQUIRE SSL;
Thanks in advance.
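Added example, not part of the original post: a small Python check that reads my.cnf text and reports whether the two procedures listed above (the three ssl-* options under [mysqld]; bind-address and skip-networking commented out) are actually in effect. The sample file contents are constructed, and the function names are this example's own.

```python
# Added example: audit my.cnf text against the steps in the post above.
# Sample file contents below are constructed; paths are the post's placeholders.
TLS_OPTS = ("ssl-ca", "ssl-cert", "ssl-key")
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_section(text, section="mysqld"):
    """Return {option: value} for the active lines of [section]."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue  # blank line, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section:
            key, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as interchangeable
            opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts

def audit(text):
    """Return findings; an empty list means both procedures were applied."""
    opts = parse_section(text)
    findings = [f"{k} not set under [mysqld]" for k in TLS_OPTS if not opts.get(k)]
    if opts.get("skip-networking", "off").lower() not in ("0", "off", "false"):
        findings.append("skip-networking is active: TCP connections disabled")
    if opts.get("bind-address") in LOOPBACK:
        findings.append(f"bind-address={opts['bind-address']}: loopback only")
    return findings

SAMPLE_OK = """\
[client]
port = 3306
[mysqld]
#bind-address = 127.0.0.1
#skip-networking
ssl-ca=/path/to/ca.pem
ssl_cert=/path/to/dbcert.pem
ssl-key=/path/to/dbkey.pem
"""
# ssl-cert sits under [client] here, so the server never reads it
SAMPLE_BAD = """\
[mysqld]
bind-address = 127.0.0.1
ssl-ca=/path/to/ca.pem
[client]
ssl-cert=/path/to/dbcert.pem
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit(text) or "no findings")
```

A clean result only covers the option file; the `show variables like '%ssl%';` check from step 3 is still what confirms the running server picked the settings up.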