I've been trying to figure out how to set up SSL support in mysql-4.0.1 ... The online documentation is pretty sparse on the subject.
Here's what I've got so far -- and so far this is *NOT* working. I'm putting it out here so that someone else may be able to fiddle around on their end and help figure out how to get this working.

OBJECTIVE
Get mysql client and mysql server talking to each other over SSL connection.

ASSUMES
Both MySQL client & server were built with these options:

  --with-vio --with-openssl

As described here:
http://www.mysql.com/doc/S/e/Secure_requirements.html

QUESTION
How to configure client & server certificates to ensure successful SSL connection?

DISCLAIMER
I'm no expert on OpenSSL. :-)

1. CREATE A SELF-SIGNED CERTIFICATE

Going off of instructions posted here:
http://www.coruscant.demon.co.uk/mike/imap/security.html

I did this:

shell> openssl genrsa -des3 -out /path/to/cadir/ca.key 1024
shell> openssl req -new -x509 -days 365 -key /path/to/cadir/ca.key \
         -out /path/to/cadir/ca.crt
shell> openssl req -new -key /path/to/cadir/ca.key \
         -out /path/to/cadir/server.csr

Then I grabbed the mod_ssl package from www.modssl.org, moved the "sign.sh" script from "pkg.contrib" into "/path/to/cadir"

Then:

shell> ./sign.sh server.csr

2. PLACE CERTIFICATE FILES IN APPROPRIATE PLACES

On both my client machine and server machine, I copied the contents of "/path/to/cadir" to "/usr/local/etc/mysqlssl"

3. EDIT my.cnf ON CLIENT & SERVER

I added these values to my.cnf:

[ssl]
key = (LONG public key value - 394 chars - copied from server.crt)
cert = ca.crt
ca = (Organization Name answer from the Q & A session while doing the first ca.key generation)
capath = /usr/local/etc/mysqlssl

So far, this hasn't worked ... But at least MySQL runs without errors, so I believe I've got the my.cnf variable names correct.

Page 390 of the new Managing & Using MySQL (O'Reilly) book provided some clues for doing this ...
In reference to C functions, it says:

'key' contains an SSL public key
'cert' contains the filename of a certificate
'ca' contains the name of the certificate authority
'capath' contains the directory containing the certificate

Like I said, this hasn't worked yet -- I'm still getting "SSL is not in use" when I connect via the mysql client. No errors appear in the error log.

Has anyone else tried this? Any luck?

- Clay
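
Added example, not part of the original post and not MySQL's own code: a Python check that treats each SSL setting in a my.cnf as a file name, which is how MySQL's documented ssl-key, ssl-cert and ssl-ca options work (ssl-capath names a directory), and reports any setting that does not point at a PEM file of the expected type. The function names, sample values and placeholder PEM files are constructed for illustration; accepting the un-prefixed option names from the post's [ssl] section is an assumption.

```python
import configparser, os, re, tempfile

# Assumption: each option is a file name, as with MySQL's documented
# ssl-key / ssl-cert / ssl-ca options; ssl-capath is a directory.
EXPECT = {"key": "PRIVATE KEY", "cert": "CERTIFICATE", "ca": "CERTIFICATE"}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def check_ssl_options(cnf_text, base_dir):
    """Return (section, option, problem) tuples for suspicious SSL settings."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.read_string(cnf_text)
    findings = []
    for section in cp.sections():
        for opt, val in cp.items(section):
            name = opt.replace("_", "-")
            name = name[4:] if name.startswith("ssl-") else name
            if name not in EXPECT and name != "capath":
                continue
            if not val:
                findings.append((section, opt, "no value given"))
                continue
            path = os.path.join(base_dir, val)  # an absolute value overrides base_dir
            if name == "capath":
                if not os.path.isdir(path):
                    findings.append((section, opt, "not a directory"))
            elif not os.path.isfile(path):
                findings.append((section, opt, "value is not an existing file"))
            else:
                with open(path, errors="replace") as fh:
                    labels = PEM_LABEL.findall(fh.read())
                want = EXPECT[name]
                # "RSA PRIVATE KEY" counts as a key; "CERTIFICATE REQUEST" is not a cert
                if not any(l == want or (name == "key" and l.endswith(want)) for l in labels):
                    findings.append((section, opt, f"no PEM {want} block, found {labels}"))
    return findings

def demo():
    """Constructed sample: placeholder PEM files and three my.cnf fragments."""
    d = tempfile.mkdtemp()
    for fname, label in [("ca.crt", "CERTIFICATE"), ("server.crt", "CERTIFICATE"),
                         ("server.key", "RSA PRIVATE KEY")]:
        with open(os.path.join(d, fname), "w") as fh:
            fh.write(f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n")
    as_posted = (f"[ssl]\nkey = MIGfMA0G-constructed-inline-value\ncert = ca.crt\n"
                 f"ca = Example Org\ncapath = {d}\n")  # shaped like the post's [ssl] block
    file_based = f"[mysqld]\nssl-key = {d}/server.key\nssl-cert = {d}/server.crt\nssl-ca = {d}/ca.crt\n"
    swapped = f"[mysqld]\nssl-key = {d}/ca.crt\n"  # certificate where a key is expected
    return [check_ssl_options(c, d) for c in (as_posted, file_based, swapped)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check only looks at PEM block labels; it does not validate the key or the certificate chain.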