[Techtalk] mysql with SSL

Wolf Rising wolfrising at gmail.com
Tue Jan 6 11:14:33 UTC 2009 

Had to get a copy of the certificate (cacert.pem) from the database server
over to the client machine
then

mysql -h database.server --ssl-ca=cacert.pem  -u test_user -p password

allowed the connection with SSL.

Thanks!

On Tue, Jan 6, 2009 at 1:16 AM, Cynthia Kiser <cnk at ugcs.caltech.edu> wrote:

> On that page referenced:
>
>  If the account has no special SSL requirements or was created using a
>  GRANT statement that includes the REQUIRE SSL option, a client can
>  connect securely by using just the --ssl-ca  option:
>
> shell> mysql --ssl-ca=cacert.pem
>
> To require that a client certificate also be specified, create the
> account using the REQUIRE X509 option. Then the client must also
> specify the proper client key and certificate files or the server will
> reject the connection:
>
> shell> mysql --ssl-ca=cacert.pem \
>       --ssl-cert=client-cert.pem \
>       --ssl-key=client-key.pem
>
> In other words, the options are similar to those used for the
> server. Note that the Certificate Authority certificate has to be the
> same.
>
> Does that work from your client? I don't have an ssl-enabled server so
> can't try it myself.
>
> Quoting Wolf Rising <wolfrising at gmail.com>:
> > I believe that's what was set up on the database server, I'd like to
> connect
> > a client machine
> > securely via ssl to the database server.
> >
> > mysql -u testuser -h database.server -p password
> > will connect the test user, but I'd rather it be a secure encrypted
> > connection.
> >
> > I know ssl is enabled on the database server but I don't know how to
> connect
> > using
> > an ssl connection.
> >
> > Thank you :-)
> >
> > On Mon, Jan 5, 2009 at 11:58 PM, Cynthia Kiser <cnk at ugcs.caltech.edu>
> wrote:
> >
> > > Quoting Wolf Rising <wolfrising at gmail.com>:
> > > > We have a database server which has ssl enabled, would anyone know of
> a
> > > > tutorial on how to connect to
> > > > an external database server via ssl from another machine?
> > >
> > > I haven't tried it myself, but the docs look pretty comprehensive:
> > > http://dev.mysql.com/doc/refman/5.0/en/secure-using-ssl.html
> > >
>
> --
> Cynthia N. Kiser
> cnk at ugcs.caltech.edu
>

More information about the Techtalk mailing list