Hello, I'm trying to set up SSL for my MySQL server. As my understanding of SSL is still a bit shaky and the MySQL documentation on the subject a bit terse, I thought I'd ask a few questions to make sure I haven't misunderstood anything:
1. Is the --ssl-ca option to mysqld the public key used by the server to verify the identity of clients? In that case, is --ssl-ca unnecessary if the server doesn't need to verify client identifies? If it is always necessary, then what is it used for in case the server doesn't verify client identities? 2. Is the argument of the client's --ssl-ca option the public key used to verify the certificate received from the server? If the server is registered with a CA, Is it meant to be the public key of the CA the server is registered with? 3. What is the minimal number of certificates/keys that need to be generated/distributed in case the server doesn't need to verify client identities? If I've understood SSL correctly, it should just be a private key and a certificate (that contains the public key and is signed with the CA's private key) for the server, as well as the CA's public key for the client. Any help/clarification appreciated, Ulf Magnusson -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
