Amazon RDS文档(http://aws.amazon.com/rds/faqs/#53)指定“Amazon RDS为每个[MySQL] DB实例生成SSL证书”。我无法找到任何有关如何查找证书的文档,并且在管理控制台中找不到证书。
证书在哪里?
Amazon RDS文档(http://aws.amazon.com/rds/faqs/#53)指定“Amazon RDS为每个[MySQL] DB实例生成SSL证书”。我无法找到任何有关如何查找证书的文档,并且在管理控制台中找不到证书。
证书在哪里?
我在这里找到了解决方案:https://forums.aws.amazon.com/thread.jspa?threadID=62110。
curl -O https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
mysql -uusername -p --host=host --ssl-ca=mysql-ssl-ca-cert.pem
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+ | 变量名 | 值 | +---------------+------------+ | Ssl_cipher | AES256-SHA | +---------------+------------+ 1 行记录(0.00 秒)
mysql> ALTER USER 'username'@'host|%' REQUIRE SSL
root@sathish:/usr/src# mysql -h awssathish.xxyyzz.eu-west-1.rds.amazonaws.com -u awssathish -p --ssl-ca=mysql-ssl-ca-cert.pem
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 5.6.13-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> GRANT USAGE ON *.* TO ‘awssathish’@’%’ REQUIRE SSL
Query OK, 0 rows affected (0.02 sec)
mysql>
mysql> show variables like "%ssl";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
+---------------+-------+
2 rows in set (0.00 sec)
mysql>
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value |
+---------------+------------+
| Ssl_cipher | AES256-SHA |
+---------------+------------+
1 row in set (0.01 sec)
mysql> exit
Bye
这里是关于RDS的端点信息:
awssathish.xxyyzz.eu-west-1.rds.amazonaws.com 是RDS的端点地址,
awssathish 是RDS服务器的用户名。
(例如/Downloads/mysql-ssl-ca-cert.pem)。必须执行--ssl_ca=/Users/myusername/Downloads/mysql-ssl-ca-cert.pem。 ~的错误是:ERROR 2026(HY000):SSL连接错误:ASN:坏的其他签名确认。 - jlpp