Home >Database >Mysql Tutorial >How to implement two-way SSL authentication for a MySQL database

How to implement two-way SSL authentication for a MySQL database

王林
王林Original
2023-09-09 19:36:18882browse

如何为 MySQL 数据库实现双向 SSL 认证

How to implement two-way SSL authentication for MySQL database

  1. What is two-way SSL authentication?
    Two-way SSL (Secure Sockets Layer) authentication is an encrypted communication method that requires the server and client to verify each other's identity. In the database, two-way SSL authentication ensures that only authorized users and applications can connect and communicate, increasing data security.
  2. Preparation
    Before you start configuring two-way SSL authentication, ensure that the following conditions are met:
  3. You have obtained an authentication authority (CA) with a public key certificate and private key, or Self-signed certificate
  4. The MySQL database server has been installed and has administrator rights
  5. The client certificate and key pair have been generated through the OpenSSL tool
  6. Configure MySQL Server
    3.1 Generate a self-signed certificate
    Execute the following command on the command line to generate a self-signed certificate and private key file:

    $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server-key.pem -out server-cert.pem

    Fill in the certificate-related information as prompted. The generated server-cert.pem file is the server certificate, and the server-key.pem file is the server private key.

3.2 Edit the MySQL configuration file
Open the MySQL configuration file my.cnf or my.ini and add the following configuration items:

[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Among them, /path/to / is the storage path of the certificate file. These configuration items specify the MySQL server's CA, server certificate, and server private key.

3.3 Restart the MySQL server
Restart the MySQL server to make the configuration items take effect.

  1. Configure client connection
    4.1 Generate client certificate and key pair
    Execute the following commands in the command line to generate client certificate and private key files:

    $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout client-key.pem -out client-cert.pem

    Fill in the certificate-related information as prompted. The generated client-cert.pem file is the client certificate, and the client-key.pem file is the client private key.

4.2 Configure client connection parameters
In the application code that connects to the MySQL database, add the following connection parameters:

jdbc:mysql://hostname:port/database?ssl=true&verifyServerCertificate=true&clientCertificate=/path/to/client-cert.pem&clientKey=/path/to/client-key.pem

Among them, hostname and port are respectively The host name and port number of the MySQL server, database is the name of the database to be connected.

  1. Testing the connection
    Restart the application and try to connect to the MySQL database. If everything is configured correctly, the connection should be established successfully and allow for secure, two-way SSL certified communication.

Summary:
Through the above steps, we successfully implemented two-way SSL authentication for the MySQL database. Two-way SSL authentication secures database connections, protecting sensitive data from unauthorized access. However, we need to pay attention to regularly updating the certificate and keeping the private key properly to ensure the security of the system.

The above is the detailed content of How to implement two-way SSL authentication for a MySQL database. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn