Thursday, October 27, 2016

Activating SSL on clients

Activating SSL on clients

To connect  through SSL, ensure you have set up the user’s grant with ‘REQUIRE SSL’ syntax, similar to below:


$ CREATE SCHEMA testdb;
$ GRANT ALL PRIVILEGES ON testdb.* TO 'test'@'127.0.0.1' IDENTIFIED BY 'password' REQUIRE SSL;
$ FLUSH PRIVILEGES;


Test the console connections by using the following command:


$ mysql -u test-p -h 127.0.0.1 -P3306 --ssl-ca=/etc/ssl/mysql/ca-cert.pem --ssl-cert=/etc/ssl/mysql/client-cert.pem --ssl-key=/etc/ssl/mysql/client-key.pem


Or specify the SSL configuration options inside my.cnf (or .my.cnf for user’s option file) under [client] directive:


[client]
ssl-ca=/etc/ssl/mysql/ca-cert.pem
ssl-cert=/etc/ssl/mysql/client-cert.pem
ssl-key=/etc/ssl/mysql/client-key.pem

 All connections from client applications  now fully encrypted.

No comments: