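How to set up SSL-encrypted connections in MySQL 5.7

Database   2024-05-02 19:08

This article walks through setting up SSL-encrypted connections in MySQL 5.7: generating the SSL files, enabling SSL on the server, and testing accounts that require SSL or an X509 client certificate.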

This procedure applies to MySQL 5.7 and later; it does not apply to 5.6 and earlier.

Confirm the database version and port number:

```
mysql> select version();
+-----------+
| version() |
+-----------+
| 5.7.19    |
+-----------+
1 row in set (0.00 sec)

mysql> show variables like 'have%%';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
+---------------+----------+
2 rows in set (0.02 sec)

mysql> show variables like 'port';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| port          | 3306  |
+---------------+-------+
1 row in set (0.01 sec)

mysql> show variables like 'datadir';
+---------------+-------------------+
| Variable_name | Value             |
+---------------+-------------------+
| datadir       | /data             |
+---------------+-------------------+
1 row in set (0.01 sec)
```

1. SSL configuration

* Generate the SSL files with the bundled tool

```
[root@MySQL ~]# /usr/local/mysql/bin/mysql_ssl_rsa_setup --datadir=/data
Generating a 2048 bit RSA private key
..........................................................................+++
.....+++
writing new private key to 'ca-key.pem'
-----
Generating a 2048 bit RSA private key
.......................................................................................................................................................................+++
...+++
writing new private key to 'server-key.pem'
-----
Generating a 2048 bit RSA private key
.....................+++
...........................................+++
writing new private key to 'client-key.pem'
-----
```

* List the generated SSL files

```
[root@MySQL ~]# ls -l /data/mysql_data/*.pem
-rw------- 1 root root 1679 Jun 24 20:54 /data/ca-key.pem
-rw-r--r-- 1 root root 1074 Jun 24 20:54 /data/ca.pem
-rw-r--r-- 1 root root 1078 Jun 24 20:54 /data/client-cert.pem
-rw------- 1 root root 1675 Jun 24 20:54 /data/client-key.pem
-rw------- 1 root root 1675 Jun 24 20:54 /data/private_key.pem
-rw-r--r-- 1 root root  451 Jun 24 20:54 /data/public_key.pem
-rw-r--r-- 1 root root 1078 Jun 24 20:54 /data/server-cert.pem
-rw------- 1 root root 1675 Jun 24 20:54 /data/server-key.pem
```

Note: change the ownership of the files above to the mysql user. They were created as root, and the key files are readable by their owner only.

* Restart the MySQL service

```
[root@MySQL ~]# /etc/init.d/mysqld restart
Shutting down MySQL.. SUCCESS!
Starting MySQL. SUCCESS!
```

* Connect to MySQL and check whether SSL is enabled

SSL has been enabled successfully when both have_openssl and have_ssl are YES.

```
mysql> show variables like 'have%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
+---------------+-------+
2 rows in set (0.03 sec)
```
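The ownership note in the file-listing step matters because the private keys are mode 600: while they belong to root, a server process running as another user cannot read them. The script below is an added example, not part of the original article, that checks ownership and private-key modes before the restart; the function name `audit_pem_files` is hypothetical, and `/data` and `mysql` are this article's data directory and the owner named in its note.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article.
# File names are the ones mysql_ssl_rsa_setup produced in the listing above.
PRIVATE_KEYS="ca-key.pem server-key.pem client-key.pem private_key.pem"
PUBLIC_FILES="ca.pem server-cert.pem client-cert.pem public_key.pem"

# audit_pem_files DIR OWNER
# Prints one finding per line; returns 0 when clean, 1 when anything is wrong.
audit_pem_files() {
  dir=$1
  owner=$2
  findings=0
  for f in $PRIVATE_KEYS $PUBLIC_FILES; do
    path="$dir/$f"
    if [ ! -e "$path" ]; then
      echo "MISSING $f"
      findings=1
      continue
    fi
    # ls -ld fields: 1 = mode string, 3 = owning user
    mode=$(ls -ld "$path" | awk '{print $1}')
    file_owner=$(ls -ld "$path" | awk '{print $3}')
    if [ "$file_owner" != "$owner" ]; then
      echo "OWNER $f belongs to $file_owner, expected $owner"
      findings=1
    fi
    # Only the private keys must be closed to group and other;
    # characters 5-10 of the mode string are those six permission bits.
    case " $PRIVATE_KEYS " in
      *" $f "*)
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
          echo "MODE $f is $mode, private keys must be owner-only"
          findings=1
        fi ;;
    esac
  done
  return "$findings"
}

# Typical call for the layout in this article:
#   audit_pem_files /data mysql
```

A clean run prints nothing and returns 0; `public_key.pem` is deliberately not treated as a private key even though its name ends in `key.pem`.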

SSL + password connection test

* Create a user that must connect over SSL [from MySQL 5.7 on, CREATE USER is the recommended way to create users]

```
mysql> create user 'ssl_test'@'%' identified by '123' require SSL;
Query OK, 0 rows affected (0.00 sec)
```

* Test connecting with the password only [the client uses SSL by default, so SSL has to be switched off explicitly]

```
[root@MySQL ~]# mysql -h 192.168.60.129 -u ssl_test -p'123' --ssl=0
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'ssl_test'@'192.168.60.129' (using password: YES)
```

* Test connecting with SSL + password

The line "SSL: Cipher in use is DHE-RSA-AES256-SHA" in the status output shows that the connection is using SSL.

```
[root@MySQL ~]# mysql -h 192.168.60.129 -u ssl_test -p'123' --ssl
mysql: [Warning] Using a password on the command line interface can be insecure.
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.18 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.7.18, for linux-glibc2.5 (x86_64) using  EditLine wrapper

Connection id:          12
Current database:
Current user:           ssl_test@192.168.60.129
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.7.18 MySQL Community Server (GPL)
Protocol version:       10
Connection:             192.168.60.129 via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
TCP port:               3306
Uptime:                 7 min 34 sec

Threads: 1  Questions: 29  Slow queries: 0  Opens: 112  Flush tables: 1  Open tables: 105  Queries per second avg: 0.063
--------------
```

SSL + password + key connection

* Create a user that must connect with X509 [SSL + key] [from MySQL 5.7 on, CREATE USER is the recommended way to create users]

```
mysql> create user 'wang'@'%' identified by '123' require X509;
Query OK, 0 rows affected (0.00 sec)
```

* Test connecting with the password only

```
[root@MySQL ~]# mysql -h 192.168.60.129 -u wang -p'123' --ssl=0
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'wang'@'192.168.60.129' (using password: YES)
```

* Test connecting with SSL + password

```
[root@MySQL ~]# mysql -h 192.168.60.129 -u wang -p'123' --ssl
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'wang'@'192.168.60.129' (using password: YES)
```

* Test connecting with SSL + password + key

The line "SSL: Cipher in use is DHE-RSA-AES256-SHA" in the status output shows that the connection is using SSL.

```
[root@MySQL ~]# mysql -h 192.168.60.129 -u wang -p'123' --ssl-cert=/data/client-cert.pem --ssl-key=/data/client-key.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 21
Server version: 5.7.18 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.7.18, for linux-glibc2.5 (x86_64) using  EditLine wrapper

Connection id:          21
Current database:
Current user:           wang@192.168.60.129
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.7.18 MySQL Community Server (GPL)
Protocol version:       10
Connection:             192.168.60.129 via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
TCP port:               3306
Uptime:                 18 min 27 sec

Threads: 1  Questions: 40  Slow queries: 0  Opens: 118  Flush tables: 1  Open tables: 111  Queries per second avg: 0.036
```
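`REQUIRE SSL` and `REQUIRE X509` are per-account clauses, so an account created without either one is not forced onto TLS by them. The script below is an added example, not part of the original article, that reads `user`, `host`, `ssl_type` rows from `mysql.user` and flags remote accounts with no TLS requirement; the function names are hypothetical and the `app` and `root` rows are constructed for contrast with the two accounts created above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article.
# Input: tab-separated "user<TAB>host<TAB>ssl_type" rows, as produced by
#   mysql -N -B -e "SELECT user, host, ssl_type FROM mysql.user"
# ssl_type is empty (no requirement), ANY (REQUIRE SSL), X509 or SPECIFIED.

# Print one line per account: level, account, explanation.
audit_tls_requirements() {
  awk -F'\t' '
    NF < 3 { next }    # skip blank or malformed rows
    {
      acct = "\047" $1 "\047@\047" $2 "\047"
      is_local = ($2 == "localhost" || $2 == "127.0.0.1" || $2 == "::1")
      if ($3 == "X509" || $3 == "SPECIFIED")
        print "OK   " acct " TLS + client certificate required (" $3 ")"
      else if ($3 == "ANY")
        print "OK   " acct " TLS required, no client certificate"
      else if (is_local)
        print "INFO " acct " no TLS requirement, local-only host"
      else
        print "WARN " acct " no TLS requirement, reachable from " $2
    }'
}

# Return 0 only when no remote account is allowed to skip TLS.
all_remote_accounts_require_tls() {
  ! audit_tls_requirements | grep -q '^WARN '
}

# Constructed sample rows: ssl_test and wang as created in the article,
# plus two hypothetical accounts (app, root) that have no REQUIRE clause.
SAMPLE_ROWS=$(printf '%s\t%s\t%s\n' \
  ssl_test '%' ANY \
  wang '%' X509 \
  app '%' '' \
  root localhost '')

printf '%s\n' "$SAMPLE_ROWS" | audit_tls_requirements
```

On the sample rows only `'app'@'%'` is reported as WARN; such an account would pass the `--ssl=0` test that `ssl_test` and `wang` fail.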

Thanks for reading. That covers how to set up SSL-encrypted connections in MySQL 5.7; how it behaves in your own environment still needs to be verified in practice.
