MySQL5.6 How to create SSL files

Official documentation: https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line

Create clean environment

mkdir /home/mysql/mysqlcerts && cd /home/mysql/mysqlcerts

Create CA certificate

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

Create server certificate, remove passphrase, and sign it
server-cert.pem = public key, server-key.pem = private key

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Create client certificate, remove passphrase, and sign it
client-cert.pem = public key, client-key.pem = private key

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK
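
The openssl verify step above only proves that each certificate chains to the CA. The following added example (not part of the original page or of the MySQL documentation) also checks that a private key belongs to its certificate and is not readable by group or other, which catches mixed-up server/client files before they are copied to the other host. The function names and the demo-* CN values are constructed for illustration; it assumes the openssl CLI and GNU stat.

```shell
# Added example: function names and CN values are constructed, not from the page.

# Hash the public key inside a certificate / derived from a private key.
cert_pub_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pub_hash()  { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256; }

# check_pair CA CERT KEY
# Returns 0 = usable, 1 = CERT does not chain to CA,
# 2 = KEY does not belong to CERT, 3 = KEY is accessible to group or other.
check_pair() {
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "FAIL chain: $2"; return 1
    fi
    if [ "$(cert_pub_hash "$2")" != "$(key_pub_hash "$3")" ]; then
        echo "FAIL key does not match certificate: $3"; return 2
    fi
    case "$(stat -c %a "$3")" in
        ?00) ;;   # owner-only modes such as 600 or 400
        *) echo "FAIL key permissions too open: $3"; return 3 ;;
    esac
    echo "OK: $2"
}

# make_demo_certs DIR
# Same steps as the page, made non-interactive with -subj so they can run in a
# scratch directory. The CA, server and client get different Common Names.
make_demo_certs() {
    (
        cd "$1" || exit 1
        openssl genrsa -out ca-key.pem 2048 2>/dev/null
        openssl req -new -x509 -nodes -days 3600 -key ca-key.pem \
            -subj "/CN=demo-ca" -out ca.pem
        for role in server client; do
            openssl req -newkey rsa:2048 -nodes -keyout "${role}-key.pem" \
                -subj "/CN=demo-${role}" -out "${role}-req.pem" 2>/dev/null
            openssl x509 -req -in "${role}-req.pem" -days 3600 -CA ca.pem \
                -CAkey ca-key.pem -set_serial 01 -out "${role}-cert.pem" 2>/dev/null
            chmod 600 "${role}-key.pem"
        done
    )
}
```

Against the real files, call check_pair with ca.pem, server-cert.pem and server-key.pem on the master, and with ca.pem, client-cert.pem and client-key.pem on the slave after the scp step.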
MySQL5.7 How to create SSL files

Official documentation: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

mkdir -p /home/mysql/mysqlcerts
/usr/local/mysql-5.7.21-linux-glibc2.12-x86_64/bin/mysql_ssl_rsa_setup --datadir=/home/mysql/mysqlcerts/

Configure the master after creating the SSL files

On the slave (192.168.1.222):

mkdir -p /home/mysql/mysqlcerts

On the master:

chown -R mysql.mysql /home/mysql/mysqlcerts/
scp ca.pem client-cert.pem client-key.pem [email protected]:/home/mysql/mysqlcerts/

Authorize the replication account on the master:

GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.168.1.222' identified by '' require ssl;

Master my.cnf:

#SSL
ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert=/home/mysql/mysqlcerts/server-cert.pem
ssl-key=/home/mysql/mysqlcerts/server-key.pem

Restart MySQL.

On the slave:

chown -R mysql.mysql /home/mysql/mysqlcerts/

Slave my.cnf:

ssl-ca=/home/mysql/mysqlcerts/ca.pem
ssl-cert=/home/mysql/mysqlcerts/client-cert.pem
ssl-key=/home/mysql/mysqlcerts/client-key.pem

Create the replication:

change master to
  master_host='',
  master_user='',
  master_password='',
  master_log_file='mysql-bin.000001',
  master_log_pos=154,
  master_ssl=1,
  master_ssl_ca='/home/mysql/mysqlcerts/ca.pem',
  master_ssl_cert='/home/mysql/mysqlcerts/client-cert.pem',
  master_ssl_key='/home/mysql/mysqlcerts/client-key.pem',
  MASTER_CONNECT_RETRY=10;

Verify:

After the master is configured with SSL authentication, the client logs in using SSL by default:

mysql -utest -h192.168.1.223 -ptest -P3307

(This account can log in regardless of whether require ssl is configured)

The command to log in without SSL is:

mysql -utest -h192.168.1.223 -ptest -P3307 --ssl-mode=DISABLED

(If the account is configured with require ssl, you will not be able to log in)