MySql与自签名证书的ssl连接

时间:2016-02-21 17:38:35

标签: mysql ssl mysql-workbench self-signed my.cnf

嘿我想使用ssl安全连接连接到mySql数据库。我做了以下事情:

创建自签名证书(资源:https://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html):

#server
openssl genrsa 2048 > ca-key.pem

openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

openssl req -newkey rsa:2048 -days 3600 nodes -keyout server-key.pem -out server-req.pem

openssl rsa -in server-key.pem -out server-key.pem

openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

#client 

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem

openssl rsa -in client-key.pem -out client-key.pem

openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

#signing

openssl verify -CAfile ca.pem server-cert.pem client-cert.pem

在C:\ Program Files \ MySQL \ MySQL Server X.Y中创建my.cnf文件(因为它不存在)并添加了这些行(资源:https://dev.mysql.com/doc/connector-net/en/connector-net-tutorials-ssl.html

ssl-ca=c:/certs/ca.pem 
ssl-cert=c:/certs/server-cert.pem 
ssl-key=c:/certs/server-key.pem 

然后使用root连接到mysql并创建了sslclient用户:

CREATE USER 'sslclient'@'localhost';

现在,当我尝试使用ssl:

连接到mySql数据库时
 mysql -h localhost -u sslclient -p --ssl=1 --ssl-cert=client-cert.pem --ssl-key=client-key.pem --ssl-ca=ca.cert 

我得到以下异常:

 SSL connection error: SSL is required but the server doesn't support it

我也尝试以root用户身份尝试通过MySQl Workbench>更改ssl设置。右键单击我的连接>编辑连接>连接> ssl并填补了相关领域。

编辑:我发现.cnf可以是.ini文件(位于C:\ ProgramData \ MySQL \ MySQL Server XY),所以我添加了ssl-x行,但现在我得到了这个错误:

 SSL connection error: ASN: bad other signature confirmation

0 个答案:

没有答案