Secure MySQL Connection


MySQL supports secure (encrypted) connections between MySQL clients and the server using the Secure Sockets Layer (SSL) protocol. This article explains how to configure your MySQL server and TCAdmin.

How to configure the MySQL Server

The following instructions are provided for your convenience. We do not provide support for configuring ssl on your MySQL server.

For detailed instructions read the MySQL reference manual:

Install OpenSSL

To know if your server already has OpenSSL installed execute "openssl" from ssh or from a command prompt. If you see "OpenSSL>" it is already installed.

CentOS 5/6, Fedora 15, Redhat 5

yum install openssl

Debian 6, Ubuntu 10/11/12

apt-get install openssl


OpenSSL for Windows can be downloaded from

Create the Server Certificates

Important: Execute the commands line by line. Execute them all at once will not create all certificate files.

After executing the following commands these files should exist in C:\Certificates or /home/tcadmin/Database/Certificates.

  • ca-cert.pem
  • ca-key.pem
  • server-cert.pem
  • server-key.pem
  • server-req.pem


cd /home/tcadmin/Database
mkdir Certificates
cd Certificates
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 9000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 9000 -nodes -keyout server-key.pem > server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 9000  -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem


Open a command prompt as administrator.

cd \
mkdir Certificates
cd Certificates
C:\OpenSSL\bin\openssl genrsa 2048 > ca-key.pem
C:\OpenSSL\bin\openssl req -new -x509 -nodes -days 9000 -key ca-key.pem > ca-cert.pem
C:\OpenSSL\bin\openssl req -newkey rsa:2048 -days 9000 -nodes -keyout server-key.pem > server-req.pem
C:\OpenSSL\bin\openssl rsa -in server-key.pem -out server-key.pem
C:\OpenSSL\bin\openssl x509 -req -in server-req.pem -days 9000  -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Update the MySQL Configuration and Restart


Edit /etc/my.cnf.

Find this line:


Under that line add these lines:


Then restart the MySQL service.


Edit the my.ini in your MySQL installation folder. For example C:\Program Files\MySQL\MySQL Server 5.5\my.ini.

Find this line:


Under that line add these lines:


Then restart the MySQL service.

Retrieved from ""