Allow Clients To Connect Via SSL
- To start the MySQL server so that it allows clients to connect via SSL, use the options that identify the key and certificate files the server needs when establishing a secure connection.
mysqld --ssl-ca=cacert.pem --ssl-cert=server-cert.pem --ssl-key=server-key.pem
--ssl-ca identifies the Certificate Authority (CA) certificate.
--ssl-cert identifies the server public key certificate.
--ssl-key identifies the server private key.
- To establish a secure connection to a MySQL server with SSL support, the options that a client must specify depend on the SSL requirements of the user account that the client uses.
- If the account has no special SSL requirements or was created using a GRANT statement that includes the REQUIRE SSL option, a client can connect securely by using just the --ssl-ca option.
mysql --ssl-ca=cacert.pem
- To require that a client certificate also be specified, create the account using the REQUIRE X509 option.
- Then the client must also specify the proper client key and certificate files or the server will reject the connection.
mysql --ssl-ca=cacert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
- The options are very similar to those used for the server.
- The Certificate Authority certificate has to be the same.
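The two account types described above, with a check that a session is really encrypted, as an added example that is not part of the original page. The account names, host, database and passwords are placeholders, and the GRANT ... IDENTIFIED BY form assumes a MySQL 5.x server; newer servers put the same REQUIRE clause on CREATE USER.

```sql
-- Added example. 'ssl_user', 'x509_user', 'localhost', appdb and the
-- passwords are placeholders (assumptions), not values from the page.

-- Account that must use an encrypted connection. No client certificate
-- is needed; the client connects with: mysql --ssl-ca=cacert.pem
GRANT ALL PRIVILEGES ON appdb.* TO 'ssl_user'@'localhost'
  IDENTIFIED BY 'placeholder_password_1'
  REQUIRE SSL;

-- Account that must also present a valid client certificate signed by
-- the same CA. The client adds --ssl-cert and --ssl-key with its own
-- certificate and key files, never the server's private key.
GRANT ALL PRIVILEGES ON appdb.* TO 'x509_user'@'localhost'
  IDENTIFIED BY 'placeholder_password_2'
  REQUIRE X509;

-- Confirm what the server will enforce for each account.
-- ssl_type is 'ANY' for REQUIRE SSL, 'X509' for REQUIRE X509,
-- and empty for an account with no SSL requirement.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user IN ('ssl_user', 'x509_user');

-- Run inside a client session: a non-empty Value means this connection
-- is encrypted. An account with no SSL requirement can still connect in
-- the clear if the client omits the SSL options, so check this rather
-- than assuming.
SHOW STATUS LIKE 'Ssl_cipher';
```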
How do I create client and server certificate and key files?
© 2007 John Michael Pierobon