Difference between revisions of "Secure MySQL Connection"
Line 9: | Line 9: | ||
===Install OpenSSL=== | ===Install OpenSSL=== | ||
To know if your server already has OpenSSL installed execute "openssl" from ssh or from a command prompt. If you see "OpenSSL>" it is already installed. | To know if your server already has OpenSSL installed execute "openssl" from ssh or from a command prompt. If you see "OpenSSL>" it is already installed. | ||
− | ==== | + | ==== CentOS 5/6, Fedora 15, Redhat 5 ==== |
yum install openssl | yum install openssl | ||
− | ==== | + | ==== Debian 6, Ubuntu 10/11/12 ==== |
apt-get install openssl | apt-get install openssl | ||
− | ==== | + | ====Windows==== |
OpenSSL for Windows can be downloaded from http://slproweb.com/products/Win32OpenSSL.html | OpenSSL for Windows can be downloaded from http://slproweb.com/products/Win32OpenSSL.html | ||
Revision as of 02:09, 17 December 2012
Contents
Overview
MySQL supports secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. This article explains how to configure your MySQL server and TCAdmin.
How to configure the MySQL Server
The following instructions are provided for your convenience. We do not provide support for configuring ssl on your MySQL server.
For detailed instructions read the MySQL reference manual: http://dev.mysql.com/doc/refman/5.0/en/creating-ssl-certs.html
Install OpenSSL
To know if your server already has OpenSSL installed execute "openssl" from ssh or from a command prompt. If you see "OpenSSL>" it is already installed.
CentOS 5/6, Fedora 15, Redhat 5
yum install openssl
Debian 6, Ubuntu 10/11/12
apt-get install openssl
Windows
OpenSSL for Windows can be downloaded from http://slproweb.com/products/Win32OpenSSL.html
Create the Server Certificates
Important: Execute the following commands line by line. Don't execute them all at once.
Linux
cd /home/tcadmin/Database mkdir sslcerts cd sslcerts openssl genrsa 2048 > ca-key.pem openssl req -new -x509 -nodes -days 9000 -key ca-key.pem > ca-cert.pem openssl req -newkey rsa:2048 -days 9000 -nodes -keyout server-key.pem > server-req.pem
openssl rsa -in server-key.pem -out server-key.pem openssl x509 -req -in server-req.pem -days 9000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem