Implementing SSL Certificate Login in MySQL
16lz
2021-12-09
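Preface
The national Classified Protection (等级保护) Level 3 security requirements call for MySQL's SSL to be encrypted with security certificates, so this needs some investigation; demonstrating it with a few accounts is enough. The MySQL version is 8.0.20.
I. Enabling SSL in MySQL
1.1 Check whether SSL is enabled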
mysql> show variables like '%ssl%';
+--------------------+-----------------+
| Variable_name      | Value           |
+--------------------+-----------------+
| have_openssl       | YES             |
| have_ssl           | YES             |  # SSL is enabled
| mysqlx_ssl_ca      |                 |
| mysqlx_ssl_capath  |                 |
| mysqlx_ssl_cert    |                 |
| mysqlx_ssl_cipher  |                 |
| mysqlx_ssl_crl     |                 |
| mysqlx_ssl_crlpath |                 |
| mysqlx_ssl_key     |                 |
| ssl_ca             | ca.pem          |
| ssl_capath         |                 |
| ssl_cert           | server-cert.pem |
| ssl_cipher         |                 |
| ssl_crl            |                 |
| ssl_crlpath        |                 |
| ssl_fips_mode      | OFF             |
| ssl_key            | server-key.pem  |
+--------------------+-----------------+
17 rows in set (0.56 sec)
Require SSL for a user:
alter user 'xxx'@'%' require ssl;
Remove the SSL requirement:
alter user 'xxx'@'%' require none;
mysql> select ssl_type from user where user = 'dev_fqr' ;
+----------+
| ssl_type |
+----------+
| ANY      |
+----------+
1 row in set (0.01 sec)
[root@localhost data]# mysql -u dev_fqr -p
Enter password:
ERROR 2026 (HY000): SSL connection error: SSL is required but the server doesn't support it
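1.3 Logging in with SSL
To log in over SSL you need the certificates below; the login succeeds only once the client certificate has been verified against the server.
1) Local login
Log in using the three certificate files in the data directory.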
[root@localhost data]# mysql -udev_fqr -pDev@fqr2021 --ssl-ca=ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 55
Server version: 8.0.22 MySQL Community Server - GPL

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

You are enforcing ssl connection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.

mysql>
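The statements below are an added example, not part of the original article: they audit which accounts still lack a TLS requirement, tighten one account from REQUIRE SSL to REQUIRE X509, and confirm that a session is really encrypted. The account/host pair 'dev_fqr'@'%' is an assumption; the article does not state the host part.

```sql
-- Added example; 'dev_fqr'@'%' is an assumed account/host pair.

-- 1. Audit: accounts with an empty ssl_type have no TLS requirement
--    (REQUIRE NONE) and can still connect without encryption.
--    Locked system accounts are filtered out.
SELECT user, host, ssl_type
FROM mysql.user
WHERE ssl_type = ''
  AND account_locked = 'N'
ORDER BY user, host;

-- 2. REQUIRE SSL (ssl_type = ANY) enforces an encrypted connection only;
--    presenting a client certificate stays optional. REQUIRE X509 makes
--    the server reject the login unless the client presents a certificate
--    that validates against the CA configured in ssl_ca.
ALTER USER 'dev_fqr'@'%' REQUIRE X509;

-- Confirm the requirement that is now stored for the account.
SELECT user, host, ssl_type
FROM mysql.user
WHERE user = 'dev_fqr';

-- 3. From inside a client session: an empty Ssl_cipher value means the
--    current connection is not encrypted.
SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_version', 'Ssl_cipher');

-- 4. Server-wide view of how each client is connected; connection_type
--    distinguishes SSL/TLS from plain TCP/IP and local socket sessions.
SELECT processlist_user, processlist_host, connection_type
FROM performance_schema.threads
WHERE type = 'FOREGROUND'
  AND processlist_user IS NOT NULL;
```

Run steps 1, 2 and 4 as an administrative account and step 3 from the session you want to check. To enforce encryption for every account at once rather than per user, the server variable require_secure_transport can be set to ON.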
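Download these three certificates.
Configure the certificate directory, and you can then connect remotely:
II. Summary
Because the assessment does not look at the JDBC configuration, JDBC is left unchanged; otherwise a great many places would have to be modified. For the actual demonstration, prepare two accounts in advance and connect with a client when the time comes.
The SSL users on the two MySQL servers are currently as follows: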