bitsCN.com
mysql通过ssl的方式生成秘钥
-- mysql ssl 生成秘钥
1 check ssl是否已经开启
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+
9 rows in set (0.00 sec)
2 没有开启,所以打开
在my.cnf末尾端设置ssl 参数, 然后重新启动mysql服务即可
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+-------+
9 rows in set (0.00 sec)
3 通过openssl生成证书的配置, 在mysql db server上生成秘钥
mkdir -p /etc/mysql/newcerts/
cd /etc/mysql/newcerts/
3.1 openssl genrsa 2048 > ca-key.pem
3.2 openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
[root@mysql newcerts]# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
3.3 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
.......................................................................................................+++
..........................................................+++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:ssh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:xx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4 在mysql db server客户端生成ssl文件
4.1 openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
[root@mysql newcerts]# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=ssh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
4.2 openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
[root@mysql newcerts]# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.......+++
........................................................+++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:shh
Locality Name (eg, city) [Default City]:shh
Organization Name (eg, company) [Default Company Ltd]:xx
Organizational Unit Name (eg, section) []:db
Common Name (eg, your name or your server''s hostname) []:mysql.yest.nos
Email Address []:cx@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:820923
An optional company name []:xx
4.3
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
[root@mysql newcerts]# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=ch/ST=shh/L=shh/O=ea/OU=db/CN=mysql.yest.nos/emailAddress=cm@xx.com
Getting CA Private Key
5
[]copy clent.* 3个文件到客户端机器上面/opt/mysql/ssl/去。
6 登陆验证
mysql -uxxx -pxxxx --ssl-ca=/opt/mysql/ssl/ca-cert.pem --ssl-cert=/opt/mysql/ssl/server-cert.pem --ssl-key=/opt/mysql/ssl/server-key.pem
bitsCN.com
What are some tools you can use to monitor MySQL performance?Apr 23, 2025 am 12:21 AMHow to effectively monitor MySQL performance? Use tools such as mysqladmin, SHOWGLOBALSTATUS, PerconaMonitoring and Management (PMM), and MySQL EnterpriseMonitor. 1. Use mysqladmin to view the number of connections. 2. Use SHOWGLOBALSTATUS to view the query number. 3.PMM provides detailed performance data and graphical interface. 4.MySQLEnterpriseMonitor provides rich monitoring functions and alarm mechanisms.
How does MySQL differ from SQL Server?Apr 23, 2025 am 12:20 AMThe difference between MySQL and SQLServer is: 1) MySQL is open source and suitable for web and embedded systems, 2) SQLServer is a commercial product of Microsoft and is suitable for enterprise-level applications. There are significant differences between the two in storage engine, performance optimization and application scenarios. When choosing, you need to consider project size and future scalability.
In what scenarios might you choose SQL Server over MySQL?Apr 23, 2025 am 12:20 AMIn enterprise-level application scenarios that require high availability, advanced security and good integration, SQLServer should be chosen instead of MySQL. 1) SQLServer provides enterprise-level features such as high availability and advanced security. 2) It is closely integrated with Microsoft ecosystems such as VisualStudio and PowerBI. 3) SQLServer performs excellent in performance optimization and supports memory-optimized tables and column storage indexes.
How does MySQL handle character sets and collations?Apr 23, 2025 am 12:19 AMMySQLmanagescharactersetsandcollationsbyusingUTF-8asthedefault,allowingconfigurationatdatabase,table,andcolumnlevels,andrequiringcarefulalignmenttoavoidmismatches.1)Setdefaultcharactersetandcollationforadatabase.2)Configurecharactersetandcollationfor
What are triggers in MySQL?Apr 23, 2025 am 12:11 AMA MySQL trigger is an automatically executed stored procedure associated with a table that is used to perform a series of operations when a specific data operation is performed. 1) Trigger definition and function: used for data verification, logging, etc. 2) Working principle: It is divided into BEFORE and AFTER, and supports row-level triggering. 3) Example of use: Can be used to record salary changes or update inventory. 4) Debugging skills: Use SHOWTRIGGERS and SHOWCREATETRIGGER commands. 5) Performance optimization: Avoid complex operations, use indexes, and manage transactions.
How do you create and manage user accounts in MySQL?Apr 22, 2025 pm 06:05 PMThe steps to create and manage user accounts in MySQL are as follows: 1. Create a user: Use CREATEUSER'newuser'@'localhost'IDENTIFIEDBY'password'; 2. Assign permissions: Use GRANTSELECT, INSERT, UPDATEONmydatabase.TO'newuser'@'localhost'; 3. Fix permission error: Use REVOKEALLPRIVILEGESONmydatabase.FROM'newuser'@'localhost'; then reassign permissions; 4. Optimization permissions: Use SHOWGRA
How does MySQL differ from Oracle?Apr 22, 2025 pm 05:57 PMMySQL is suitable for rapid development and small and medium-sized applications, while Oracle is suitable for large enterprises and high availability needs. 1) MySQL is open source and easy to use, suitable for web applications and small and medium-sized enterprises. 2) Oracle is powerful and suitable for large enterprises and government agencies. 3) MySQL supports a variety of storage engines, and Oracle provides rich enterprise-level functions.
What are the disadvantages of using MySQL compared to other relational databases?Apr 22, 2025 pm 05:49 PMThe disadvantages of MySQL compared to other relational databases include: 1. Performance issues: You may encounter bottlenecks when processing large-scale data, and PostgreSQL performs better in complex queries and big data processing. 2. Scalability: The horizontal scaling ability is not as good as Google Spanner and Amazon Aurora. 3. Functional limitations: Not as good as PostgreSQL and Oracle in advanced functions, some functions require more custom code and maintenance.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Atom editor mac version download
The most popular open source editor
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
