MySQL client SSL configuration

This document is a work in progress.

1 Prerequisites

2 Verification

[root@zetawiki ~]# mysql -h135.79.33.6 -utestuser -pP@ssw0rd
... (omitted)
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Ssl_cipher    |       |
+---------------+-------+
1 row in set (0.00 sec)
mysql> SHOW GLOBAL VARIABLES LIKE 'have_%ssl';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
+---------------+----------+
2 rows in set (0.00 sec)
mysql> STATUS;
--------------
mysql  Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1

Connection id:		11059
Current database:	
Current user:		testuser@135.79.246.80
SSL:			Not in use
... (omitted)

3 Client SSL setup

[root@zetawiki ~]# openssl req -sha256 -newkey rsa:2048 -days 99999 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.........................................+++
..............................................................................................................................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@zetawiki ~]# ll client*
-rw-r--r-- 1 root root 1704 Aug 31 10:52 client-key.pem
-rw-r--r-- 1 root root  952 Aug 31 10:52 client-req.pem
[root@zetawiki ~]# openssl rsa -in client-key.pem -out client-key.pem
writing RSA key
[root@zetawiki ~]# ll client*
-rw-r--r-- 1 root root 1675 Aug 31 10:54 client-key.pem
-rw-r--r-- 1 root root  952 Aug 31 10:52 client-req.pem
[root@zetawiki ~]# openssl x509 -sha256 -req -in client-req.pem -days 99999 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
... (omitted)
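
A check for the files produced in this section, added here as an example that is not part of the original page: it confirms that client-cert.pem verifies against ca-cert.pem, that the certificate and client-key.pem are a pair, and that the key is not readable by group or other (the listing above shows it as -rw-r--r--). The function names are hypothetical, the file names follow the page, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes OpenSSL 1.1.0 or later, where `openssl verify` exits non-zero on failure.

# 0 if the key file grants no permissions to group or other (e.g. mode 600).
key_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# 0 if CERT verifies against the CA certificate. Usage: cert_chains_to_ca CA CERT
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if CERT and KEY carry the same public key. Usage: cert_matches_key CERT KEY
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run all three checks and report each failure.
# Usage: check_client_tls_files CA CERT KEY
check_client_tls_files() {
    rc=0
    key_mode_ok "$3" || { echo "FAIL: $3 is accessible to group/other; chmod 600 $3"; rc=1; }
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL: $2 and $3 are not a key pair"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 / $3"
    return "$rc"
}

# Example: sh check.sh ca-cert.pem client-cert.pem client-key.pem
if [ "$#" -eq 3 ]; then
    check_client_tls_files "$@"
fi
```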

4 Verification 2

[root@zetawiki ~]# mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -h135.79.33.6 -ussluser -pP@ssw0rd
... (omitted)
mysql> status;
... (omitted)

5 See also

6 References
