重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
这篇文章主要讲解了“mysql5.7怎么对ssl加密连接”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“mysql5.7怎么对ssl加密连接”吧!
成都创新互联专注为客户提供全方位的互联网综合服务,包含不限于成都做网站、网站制作、成都外贸网站建设、焉耆网络推广、微信小程序开发、焉耆网络营销、焉耆企业策划、焉耆品牌公关、搜索引擎seo、人物专访、企业宣传片、企业代运营等,从售前售中售后,我们都将竭诚为您服务,您的肯定,是我们大的嘉奖;成都创新互联为所有大学生创业者提供焉耆建站搭建服务,24小时服务热线:18982081108,官方网址:www.cdcxhl.commysql> select version(); +-----------+ | version() | +-----------+ | 5.7.19 | +-----------+ 1 row in set (0.00 sec)
mysql> show variables like 'have%ssl%'; +---------------+----------+ | Variable_name | Value | +---------------+----------+ | have_openssl | DISABLED | | have_ssl | DISABLED | +---------------+----------+ 2 rows in set (0.02 sec)
mysql> show variables like 'port'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | port | 3306 | +---------------+-------+ 1 row in set (0.01 sec)
mysql> show variables like 'datadir'; +---------------+-------------------+ | Variable_name | Value | +---------------+-------------------+ | datadir | /data| +---------------+-------------------+ 1 row in set (0.01 sec)
1. SSL配置
* 利用自带工具生成SSL相关文件
root@MySQL ~]# /usr/local/mysql/bin/mysql_ssl_rsa_setup --datadir=/data Generating a 2048 bit RSA private key ..........................................................................+++ .....+++ writing new private key to 'ca-key.pem' ----- Generating a 2048 bit RSA private key .......................................................................................................................................................................+++ ...+++ writing new private key to 'server-key.pem' ----- Generating a 2048 bit RSA private key .....................+++ ...........................................+++ writing new private key to 'client-key.pem' -----
* 查看生成的SSL文件
[root@MySQL ~]# ls -l /data/mysql_data/*.pem -rw------- 1 root root 1679 Jun 24 20:54 /data/ca-key.pem -rw-r--r-- 1 root root 1074 Jun 24 20:54 /data/ca.pem -rw-r--r-- 1 root root 1078 Jun 24 20:54 /data/client-cert.pem -rw------- 1 root root 1675 Jun 24 20:54 /data/client-key.pem -rw------- 1 root root 1675 Jun 24 20:54 /data/private_key.pem -rw-r--r-- 1 root root 451 Jun 24 20:54 /data/public_key.pem -rw-r--r-- 1 root root 1078 Jun 24 20:54 /data/server-cert.pem -rw------- 1 root root 1675 Jun 24 20:54 /data/server-key.pem
* 重启 MySQL 服务
[
root@MySQL ~]# /etc/init.d/mysqld restart Shutting down MySQL.. SUCCESS! Starting MySQL. SUCCESS!
* 连接MySQL 查看SSL开启状态
have_openssl 与 have_ssl 值都为YES表示ssl开启成功
mysql> show variables like 'have%ssl%'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_openssl | YES | | have_ssl | YES | +---------------+-------+ 2 rows in set (0.03 sec)
SSL + 密码连接测试
* 创建用户并指定 SSL 连接 [ MySQL 5.7后推荐使用create user 方式创建用户 ]
mysql> create user 'ssl_test'@'%' identified by '123' require SSL; Query OK, 0 rows affected (0.00 sec)
* 通过密码连接测试 [ 默认采用SSL连接,需要指定不使用SSL连接 ]
[root@MySQL ~]# mysql -h 192.168.60.129 -ussl_test -p'123' --ssl=0 mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'ssl_test'@'192.168.60.129' (using password: YES)
* 通过 SSL + 密码 连接测试
SSL: Cipher in use is DHE-RSA-AES256-SHA 表示通过SSL连接
[root@MySQL ~]# mysql -h 192.168.60.129 -ussl_test -p'123' --ssl mysql: [Warning] Using a password on the command line interface can be insecure. WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 12 Server version: 5.7.18 MySQL Community Server (GPL) Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> \s -------------- mysql Ver 14.14 Distrib 5.7.18, for linux-glibc2.5 (x86_64) using EditLine wrapper Connection id: 12 Current database: Current user: ssl_test@192.168.60.129 SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: stdout Using outfile: '' Using delimiter: ; Server version: 5.7.18 MySQL Community Server (GPL) Protocol version: 10 Connection: 192.168.60.129 via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 7 min 34 sec Threads: 1 Questions: 29 Slow queries: 0 Opens: 112 Flush tables: 1 Open tables: 105 Queries per second avg: 0.063 -------------- SSL + 密码 + 密钥连接
创建用户并指定 X509 [ SSL+密钥 ] 连接 [ MySQL 5.7后推荐使用create user 方式创建用户 ]
mysql> create user 'wang'@'%' identified by '123' require wang; Query OK, 0 rows affected (0.00 sec)
通过密码连接测试
[root@MySQL ~]# mysql -h 192.168.60.129 -uwang -p'123' --ssl=0 mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'wang'@'192.168.60.129' (using password: YES)
* 通过 SSL +密码 连接测试
[root@MySQL ~]# mysql -h 192.168.60.129 -uwang-p'123' --ssl mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'wang'@'192.168.60.129' (using password: YES)
* 通过 SSL + 密码+密钥连接测试
SSL: Cipher in use is DHE-RSA-AES256-SHA 表示通过SSL连接
[root@MySQL ~]# mysql -h 192.168.60.129 -uwang -p'123' --ssl-cert=/data/client-cert.pem --ssl-key=/data/client-key.pem mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 21 Server version: 5.7.18 MySQL Community Server (GPL) Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> \s -------------- mysql Ver 14.14 Distrib 5.7.18, for linux-glibc2.5 (x86_64) using EditLine wrapper Connection id: 21 Current database: Current user: wang@192.168.60.129 SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: stdout Using outfile: '' Using delimiter: ; Server version: 5.7.18 MySQL Community Server (GPL) Protocol version: 10 Connection: 192.168.60.129 via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 18 min 27 sec Threads: 1 Questions: 40 Slow queries: 0 Opens: 118 Flush tables: 1 Open tables: 111 Queries per second avg: 0.036
感谢各位的阅读,以上就是“mysql5.7怎么对ssl加密连接”的内容了,经过本文的学习后,相信大家对mysql5.7怎么对ssl加密连接这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是创新互联,小编将为大家推送更多相关知识点的文章,欢迎关注!