1, SSL introduction
SSL (Secure Socket Layer) uses data encryption, authentication and message integrity verification mechanisms to provide security assurance for application layer protocols based on reliable connections such as TCP.
The functions provided by SSL protocol mainly include:
1. Confidentiality of data transmission: a symmetric-key algorithm is used to encrypt the transmitted data.
2. Authentication: based on certificates, digital signatures are used to authenticate the server and the client; authentication of the client is optional.
3. Message integrity verification: a MAC algorithm is used to verify message integrity during transmission.
If traffic is not sent over SSL, the data crosses the network in plaintext, which gives anyone with ulterior motives an opportunity to read it. For this reason many large websites now have SSL enabled. The same applies to a database: if the client connects to the server without SSL, the data may be stolen in transit.
2, Enabling SSL in MySQL 5.7
2.1 Check whether SSL is enabled with the following command
show global variables like '%ssl%';
When "have_ssl" is YES, the server supports SSL-encrypted connections.
2.2 Check whether the current login connection is encrypted with SSL
2.3 If SSL is not enabled, you need to run mysql_ssl_rsa_setup at startup so that the server supports SSL
3, Configure SSL
3.1 Log in to the database first and check the installation path
show variables like 'datadir';
3.2 Once you know the database installation path, check whether the relevant key files have been generated
ll /home/tools/mysql/*.pem
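3.3 Add the SSL parameters to the /etc/my.cnf configuration file
[mysql]
# client side: CA certificate plus the client certificate and key
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl-key=/var/lib/mysql/client-key.pem
[mysqld]
# server side: CA certificate plus the server certificate and key
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/server-cert.pem
ssl-key=/var/lib/mysql/server-key.pem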
3.4. Then restart with the command
systemctl restart mysqld
Then repeat the check in 2.2 to confirm that the database connection is now encrypted with SSL.
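An added example (not from the original article): a small Python check of the my.cnf TLS settings from step 3.3. It flags a [mysqld] section that is missing ssl-ca/ssl-cert/ssl-key, has SSL switched off, or points at the client-*.pem pair instead of the server's. The function names, the sample config and the file-name heuristic (file names as generated by mysql_ssl_rsa_setup) are assumptions of this example.

```python
import configparser

# Assumption: file roles follow mysql_ssl_rsa_setup naming, i.e. the server
# presents server-cert.pem/server-key.pem and client-*.pem belong to clients.
REQUIRED = ("ssl_ca", "ssl_cert", "ssl_key")

def load_cnf(text):
    """Parse my.cnf text; '-' and '_' are interchangeable in option names."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.optionxform = lambda k: k.strip().lower().replace("-", "_")
    # configparser cannot read !include / !includedir directives; skip them.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp.read_string(body)
    return cp

def audit(text):
    """Return a list of findings for the TLS settings in my.cnf text."""
    cp, findings = load_cnf(text), []
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section"]
    srv = cp["mysqld"]
    for key in REQUIRED:
        if not srv.get(key):
            findings.append(f"[mysqld] {key} is not set")
    for key in ("ssl_cert", "ssl_key"):
        name = (srv.get(key) or "").rsplit("/", 1)[-1]
        if name.startswith("client-"):
            findings.append(f"[mysqld] {key} points at client file {name}")
    if "skip_ssl" in srv or srv.get("ssl") in ("0", "OFF", "off"):
        findings.append("[mysqld] SSL is explicitly disabled")
    for sec in ("mysql", "client"):
        if cp.has_section(sec) and cp[sec].get("ssl_cert") and not cp[sec].get("ssl_ca"):
            findings.append(f"[{sec}] sets ssl_cert without ssl_ca")
    return findings

# Constructed sample: the server section reuses the client certificate pair.
SAMPLE_BAD = """\
[mysql]
ssl-cert=/var/lib/mysql/client-cert.pem
[mysqld]
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl_key=/var/lib/mysql/client-key.pem
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD)))
```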
Reference articles:
MySQL 5.7.18 encrypted connection mysql_ssl_rsa_setup: https://www.linuxidc.com/Linux/2017-10/148131.htm
MySQL5.7 configure SSL encryption: https://www.cnblogs.com/biaopei/p/13039321.html
Notes:
View the database installation directory:
show variables like 'datadir';
View the SSL parameter status; have_ssl = YES indicates that SSL support is enabled:
show global variables like '%ssl%';
show global status like '%ssl%';
show status like 'ssl_cipher';
Use the \s or status command to view the connection information.
View the certificate expiration time:
SHOW STATUS LIKE 'Ssl_server_not%';
Certificate files:
ca-key.pem # CA private key
ca.pem # Self-signed CA certificate, also required for client connections
client-cert.pem # Certificate file the client must provide to connect to the server
client-key.pem # Private key file the client must provide to connect to the server
private_key.pem # Private member of the private/public key pair
public_key.pem # Public member of the private/public key pair
server-cert.pem # Server-side certificate file
server-key.pem # Server-side private key file
Require a user to log in over SSL:
ALTER USER david@'%' REQUIRE SSL;
Configure the database for SSL login (first view the database installation directory with show variables like 'datadir';):
1, Configure the /etc/my.cnf file
[mysql]
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/client-cert.pem
ssl-key=/var/lib/mysql/client-key.pem
[mysqld]
# server side: use the server certificate and key
ssl-ca=/var/lib/mysql/ca.pem
ssl-cert=/var/lib/mysql/server-cert.pem
ssl-key=/var/lib/mysql/server-key.pem
2, Restart with systemctl restart mysqld, then log in to the database and check with \s or status