[Techtalk] mysql with SSL
wolfrising at gmail.com
Tue Jan 6 11:14:33 UTC 2009
Had to get a copy of the certificate (cacert.pem) from the database server
over to the client machine
mysql -h database.server --ssl-ca=cacert.pem -u test_user -p password
allowed the connection with SSL.
On Tue, Jan 6, 2009 at 1:16 AM, Cynthia Kiser <cnk at ugcs.caltech.edu> wrote:
> On that page referenced:
> If the account has no special SSL requirements or was created using a
> GRANT statement that includes the REQUIRE SSL option, a client can
> connect securely by using just the --ssl-ca option:
> shell> mysql --ssl-ca=cacert.pem
> To require that a client certificate also be specified, create the
> account using the REQUIRE X509 option. Then the client must also
> specify the proper client key and certificate files or the server will
> reject the connection:
> shell> mysql --ssl-ca=cacert.pem \
> --ssl-cert=client-cert.pem \
> In other words, the options are similar to those used for the
> server. Note that the Certificate Authority certificate has to be the
> Does that work from your client? I don't have an ssl-enabled server so
> can't try it myself.
> Quoting Wolf Rising <wolfrising at gmail.com>:
> > I believe that's what was set up on the database server, I'd like to
> > a client machine
> > securely via ssl to the database server.
> > mysql -u testuser -h database.server -p password
> > will connect the test user, but I'd rather it be a secure encrypted
> > connection.
> > I know ssl is enabled on the database server but I don't know how to
> > using
> > an ssl connection.
> > Thank you :-)
> > On Mon, Jan 5, 2009 at 11:58 PM, Cynthia Kiser <cnk at ugcs.caltech.edu>
> > > Quoting Wolf Rising <wolfrising at gmail.com>:
> > > > We have a database server which has ssl enabled, would anyone know of
> > > > tutorial on how to connect to
> > > > an external database server via ssl from another machine?
> > >
> > > I haven't tried it myself, but the docs look pretty comprehensive:
> > > http://dev.mysql.com/doc/refman/5.0/en/secure-using-ssl.html
> > >
> Cynthia N. Kiser
> cnk at ugcs.caltech.edu
More information about the Techtalk