Revision [1921]
Last edited on 2008-09-02 22:32:55 by WikiAdminAdditions:
show variables like '%ssl%';
If have_ssl or have_openssl says NO, you don't have ssl support. If it says DISABLED, you have ssl support. On freebsd, you can recompile MySQL with ssl support via ports. Simply go to the port directory and do **make WITH_OPENSSL=YES install clean**
If have_ssl or have_openssl says NO, you don't have ssl support. If it says DISABLED, you have ssl support. On freebsd, you can recompile MySQL with ssl support via ports. Simply go to the port directory and do **make WITH_OPENSSL=YES install clean**
Deletions:
If it says NO, you don't have ssl support. If it says DISABLED, you have ssl support. On freebsd, you can recompile MySQL with ssl support via ports. Simply go to the port directory and do **make WITH_OPENSSL=YES install clean**
Revision [1920]
Edited on 2008-09-02 22:26:09 by WikiAdminAdditions:
From MySQL's doc, one should check ssl support with the command. The following tells you ssl support is absent.
shell> mysqld --ssl --help
060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
shell> mysqld --ssl --help
060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
Revision [530]
Edited on 2007-05-14 23:41:49 by WikiAdminAdditions:
mysql> show status like 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.01 sec)
There you have an SSL-enabled MySQL connection.
+---------------+--------------------+
| Variable_name | Value |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.01 sec)
There you have an SSL-enabled MySQL connection.
Revision [529]
Edited on 2007-05-14 23:40:35 by WikiAdminAdditions:
[client]
ssl-cert=/var/db/mysql/client-cert.pem
ssl-key=/var/db/mysql/client-key.pem
You probably want to put the client configurations on your client machine, and vice versa. When a connection is established, you can check your connection by
mysql> \s
--------------
mysql Ver 14.12 Distrib 5.0.22, for redhat-linux-gnu (i686) using readline 5.0
Connection id: 8
Current database:
Current user: root@192.168.18.198
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.0.37
Protocol version: 10
Connection: 192.168.18.192 via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: latin1
Conn. characterset: latin1
TCP port: 3306
Uptime: 53 min 36 sec
Threads: 2 Questions: 8 Slow queries: 0 Opens: 12 Flush tables: 1 Open tables: 6 Queries per second avg: 0.002
--------------
ssl-cert=/var/db/mysql/client-cert.pem
ssl-key=/var/db/mysql/client-key.pem
You probably want to put the client configurations on your client machine, and vice versa. When a connection is established, you can check your connection by
mysql> \s
--------------
mysql Ver 14.12 Distrib 5.0.22, for redhat-linux-gnu (i686) using readline 5.0
Connection id: 8
Current database:
Current user: root@192.168.18.198
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.0.37
Protocol version: 10
Connection: 192.168.18.192 via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: latin1
Conn. characterset: latin1
TCP port: 3306
Uptime: 53 min 36 sec
Threads: 2 Questions: 8 Slow queries: 0 Opens: 12 Flush tables: 1 Open tables: 6 Queries per second avg: 0.002
--------------
Deletions:
#ssl-ca=/var/db/mysql/ca-cert.pem
#ssl-cert=/var/db/mysql/client-cert.pem
#ssl-key=/var/db/mysql/client-key.pem
Revision [528]
Edited on 2007-05-14 22:47:38 by WikiAdminAdditions:
%%(text;my.cnf)
#[client]
#ssl-ca=/var/db/mysql/ca-cert.pem
#ssl-cert=/var/db/mysql/client-cert.pem
#ssl-key=/var/db/mysql/client-key.pem
[mysqld]
ssl-ca=/var/db/mysql/ca-cert.pem
ssl-cert=/var/db/mysql/server-cert.pem
ssl-key=/var/db/mysql/server-key.pem
#[client]
#ssl-ca=/var/db/mysql/ca-cert.pem
#ssl-cert=/var/db/mysql/client-cert.pem
#ssl-key=/var/db/mysql/client-key.pem
[mysqld]
ssl-ca=/var/db/mysql/ca-cert.pem
ssl-cert=/var/db/mysql/server-cert.pem
ssl-key=/var/db/mysql/server-key.pem
