RE: MySQL 4 Built in SSL?

2003-11-13 Thread Paul Fine
Thanks, but if I am not mistaken, you are talking about SSH tunneling the
connection, which is not what I am looking for. I am interested in how to
implement SSL. Thanks!


-Original Message-
From: Ferguson, Michael [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2003 2:47 PM
To: Paul Fine
Subject: RE: MySQL 4 Built in SSL?

What I have done is load putty on my WIN2K box.
Connect to the nix box - make sure authentication is correctly configured
Launch mysql and work on it from the command line prompt


-Original Message-
From: Paul Fine [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2003 3:32 PM
To: [EMAIL PROTECTED]
Subject: MySQL 4 Built in SSL?


Would anyone be kind enough to provide an example of using MySQL 4 with
its apparent built in SSL functionality to connect from a Win client to
*Nix box?

Am I correct in assuming that this new functionality means that I will
not have to use stunnel or ssh tunneling?

Thanks for any info!





-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:
http://lists.mysql.com/[EMAIL PROTECTED]





Re: MySQL 4 Built in SSL?

2003-11-14 Thread Prasad Budim Ram
Hi, 

1. First generate unencrypted certificates. This can be done by using
an OpenSSL library. The instructions are available at
http://www.mysql.com/doc/en/Secure_Create_Certs.html

Note: Here unencrypted certificates means certificates that are not
protected by any password. When MySQL code tries to read these
certificates it can straight away read those certificates. Otherwise the
code has to provide some way to get the password from the user and then
decrypt the certificates. This is not yet implemented in MySQL. So any
certificate that is encrypted with a password cannot be used with an SSL
session on MySQL.

2. Copy the certificates to a folder on your server and client
machines.
E.g.: /mysql/SSL
You can also use the sample certificates provided by MySQL from the MySQL
repository.

3. Add the following entries in your my.cnf in such a way that the
server reads these certificates from the specified location.

[mysqld]
ssl-ca=your_drive:\mysql\SSL\cacert.pem
ssl-cert=your_drive:\mysql\SSL\server-cert.pem
ssl-key=your_drive:\mysql\SSL\server-key.pem

4. Add the following entries in your my.cnf/my.ini (on Windows) in such
a way that the client reads these certificates from the specified
location.

[mysql]
ssl-ca=your_drive:\mysql\SSL\cacert.pem
ssl-cert=your_drive:\mysql\SSL\client-cert.pem
ssl-key=your_drive:\mysql\SSL\client-key.pem


5. Start MySQL server.
6. Start MySQL client (mysql monitor) on your client machine.
7. On MySQL monitor type the following

mysql> status

It should display something like this.
SSL :   Cipher in use is EDH-RSA-DES-CBC3-RSA

It indicates that the mysql client (mysql monitor) is using an SSL
channel to communicate with MySQL server.

Troubleshooting: The MySQL server comes up irrespective of any
failures in the SSL initialization. But it cannot service SSL
connections. It will service non-service connections only. A MySQL
server at one time can serve both SSL and non SSL connections.

But a mysql client cannot connect to a MySQL server with SSL
options when the server is not accepting the SSL connections. It will
throw up an error. Unfortunately the error reporting with SSL on MySQL
is very poor. But in most cases the SSL connection may fail only
because of bad or expired certificates. In all other cases the
connection should succeed.

You need not use stunnel or ssh tunneling for this.

>>> "Paul Fine" <[EMAIL PROTECTED]> 11/13/2003 2:01:39 AM >>>
Would anyone be kind enough to provide an example of using MySQL 4 with
its apparent built in SSL functionality to connect from a Win client to
*Nix box?

Am I correct in assuming that this new functionality means that I will
not have to use stunnel or ssh tunneling?

Thanks for any info!
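
A pre-flight check for the configuration described in the reply above, as an added example that is not part of the original thread: because the server starts even when SSL initialization fails, it verifies beforehand that `ssl-ca`, `ssl-cert` and `ssl-key` are set in a given section, that the files exist, and that the key is not passphrase-protected. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import tempfile
from pathlib import Path

def read_section(cnf_text, section):
    """Return {option: value} for one [section] of my.cnf / my.ini text."""
    opts, current = {}, None
    for line in map(str.strip, cnf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # MySQL accepts ssl_ca and ssl-ca as the same option name.
            opts[key.strip().replace("_", "-")] = value.strip().strip('"')
    return opts

def key_is_encrypted(path):
    """True if the PEM private key at path needs a passphrase to be read."""
    pem = Path(path).read_text(errors="replace")
    return ("Proc-Type: 4,ENCRYPTED" in pem  # traditional OpenSSL PEM
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem)  # PKCS#8

def check_ssl_section(cnf_text, section):
    """List problems that would stop SSL from working for this section."""
    opts, problems = read_section(cnf_text, section), []
    for name in ("ssl-ca", "ssl-cert", "ssl-key"):
        path = opts.get(name)
        if not path:
            problems.append(f"[{section}] {name} is not set")
        elif not Path(path).is_file():
            problems.append(f"[{section}] {name}: {path} not found")
        elif name == "ssl-key" and key_is_encrypted(path):
            problems.append(f"[{section}] {name}: {path} is passphrase-protected")
    return problems

def demo():
    """Constructed sample: server key is encrypted, client cert and key unset."""
    d = Path(tempfile.mkdtemp())
    files = {"cacert.pem": "-----BEGIN CERTIFICATE-----\n",
             "server-cert.pem": "-----BEGIN CERTIFICATE-----\n",
             "server-key.pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"}
    for name, body in files.items():
        (d / name).write_text(body)
    ca, cert, key = (d / name for name in files)
    cnf = (f"[mysqld]\nssl-ca={ca}\nssl-cert={cert}\nssl-key={key}\n"
           f"[mysql]\nssl-ca={ca}\n")
    return check_ssl_section(cnf, "mysqld") + check_ssl_section(cnf, "mysql")

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result for both `mysqld` and `mysql` means the files are in place; the `status` check in the mysql monitor is still what confirms that a cipher was actually negotiated.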






