mysql8.0 使用 x509设置加密连接

mysql8.0 使用 x509设置加密连接

# 使用 x509设置加密连接

[[email protected] data]# ls -lhtr /data/mysql/mysql_3306/data/ | grep pem
-rw------- 1 mysql mysql 1.7K Jun 6 2019 ca-key.pem
-rw-r--r-- 1 mysql mysql 1.1K Jun 6 2019 ca.pem
-rw------- 1 mysql mysql 1.7K Jun 6 2019 server-key.pem
-rw-r--r-- 1 mysql mysql 1.1K Jun 6 2019 server-cert.pem
-rw------- 1 mysql mysql 1.7K Jun 6 2019 client-key.pem
-rw-r--r-- 1 mysql mysql 1.1K Jun 6 2019 client-cert.pem
-rw-r--r-- 1 mysql mysql 452 Jun 6 2019 public_key.pem
-rw------- 1 mysql mysql 1.7K Jun 6 2019 private_key.pem

# 在配置文件中添加如下内容

[client]
ssl-cert = data/client/client-cert.pem
ssl-key = /data/client/client-key.pem

[mysqld]
ssl-ca=/data/mysql/mysql_3306/data/ca.pem
ssl-cert=/data/mysql/mysql_3306/data/server-cert.pem
ssl-key=/data/mysql/mysql_3306/data/server-key.pem

# 重启数据库服务

mysql> show variables like ‘%ssl%‘;
+---------------------------------------------------+---------------------------------------------+
| Variable_name | Value |
+---------------------------------------------------+---------------------------------------------+
| group_replication_recovery_ssl_ca | |
| group_replication_recovery_ssl_capath | |
| group_replication_recovery_ssl_cert | |
| group_replication_recovery_ssl_cipher | |
| group_replication_recovery_ssl_crl | |
| group_replication_recovery_ssl_crlpath | |
| group_replication_recovery_ssl_key | |
| group_replication_recovery_ssl_verify_server_cert | OFF |
| group_replication_recovery_use_ssl | OFF |
| group_replication_ssl_mode | DISABLED |
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| ssl_ca | /data/mysql/mysql_3306/data/ca.pem |
| ssl_capath | |
| ssl_cert | /data/mysql/mysql_3306/data/server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | /data/mysql/mysql_3306/data/server-key.pem |
+---------------------------------------------------+---------------------------------------------+
27 rows in set (0.01 sec)

mysql>

将 client-cert.pem client-key.pem 传给客户端
chown -R mysql.mysql /data/client/

# 新建测试账号

mysql> create user ‘user_w‘@‘%‘ identified by ‘user_w_pwd‘ require X509;
mysql> grant all privileges on *.* to ‘user_w‘@‘%‘;
[[email protected] client]# mysql -h 192.168.142.145 --ssl-cert=/data/client/client-cert.pem --ssl-key=/data/client/client-key.pem -uuser_w -p‘user_w_pwd‘
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 8.0.18 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.

mysql> \s;
--------------
mysql Ver 8.0.18 for linux-glibc2.12 on x86_64 (MySQL Community Server - GPL)

Connection id: 16
Current database:
Current user: user_w@192.168.142.143
SSL: Cipher in use is TLS_AES_256_GCM_SHA384
Current pager: stdout
Using outfile: ‘‘
Using delimiter: ;
Server version: 8.0.18 MySQL Community Server - GPL
Protocol version: 10
Connection: 192.168.142.145 via TCP/IP
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
TCP port: 3306
Uptime: 22 min 7 sec

Threads: 3 Questions: 35 Slow queries: 0 Opens: 1162 Flush tables: 3 Open tables: 48 Queries per second avg: 0.026
--------------

ERROR:
No query specified

mysql> exit

[[email protected] client]# mysql -h 192.168.142.145 -uuser_w -p‘user_w_pwd‘ mysql: [Warning] Using a password on the command line interface can be insecure.ERROR 1045 (28000): Access denied for user ‘user_w‘@‘192.168.142.143‘ (using password: YES)[[email protected] client]#

# 如果是从库的话,需要使用自己的pem

[[email protected] data]# mysql -h 192.168.142.143 --ssl-cert=/data/mysql/mysql_3306/data/client-cert.pem --ssl-key=/data/mysql/mysql_3306/data/client-key.pem -uuser_w -p‘user_w_pwd‘
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 23
Server version: 8.0.18 MySQL Community Server - GPL


Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.


Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.


Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.


mysql> exit
Bye
[[email protected] data]#

 

原文地址:https://www.cnblogs.com/bjx2020/p/12120554.html

时间: 2024-10-14 06:06:09

mysql8.0 使用 x509设置加密连接的相关文章

Navicat连接MySQL8.0版本时 建议升级连接客户端这个提示怎么办

开始->mysql 8.0 command line client ->执行下面的命令//开启mysql服务mysql.server start//进入mysqlmysql -u root -p//修改密码方案3(对)USE mysql; ALTER USER 'root'@'localhost'IDENTIFIED WITH mysql_native_password BY '密码';//重启FLUSH PRIVILEGES; 可能在修改密码那条指令会报error错误  如果报错了 多次重复

mysql学习(2)-Navicat Premium 12 链接MySQL8.0.11数据库报2059错误

Navicat Premium 12 链接MySQL8.0.11数据库报2059错误 1,问题现象 安装完MySQL8.0.11和Navicat Premium12后,我们会用Navicat去测试连接MySQL,但是测试时出现以下报提示: 2,问题原因 mysql8.0之前的版本加密规则是mysql_native_password,mysql8.0之后,加密规则是caching_sha2_password. 3,解决方案 在这里要特别说明一点,如果安装完MySQL8.0.11以后,没有设置环境变

MySQL8.0手动安装

首先跟大家唠一唠家常,随着MySQL迅速的更新,MySQL突飞猛进已经到了8.0版本,那么它和我们之前用的5.X版本有什么明显的区别那? 首先给大家看下MySQL5.X自带表查询速度 之后献上MySQL8.0的自带表查询速度 结果显而易见,MySQL8.0的坑我是走了个遍,为了让大家少走弯路,献上以下手动安装方法 1. 官网下载并解压. 我下载了mysql-8.0.11-winx64 2. 设置系统环境变量. 这个不多说百度上很多,这个只是为了命令行方便... 3. 编写配置文件. 根目录下手动

MySQL-8.0填坑

Client does not support authentication protocol 或 Authentication plugin 'caching_sha2_password' cannot be loaded 解决方法 使用8.0的MySQL Command Line Client执行: # 修改密码验证类型 ALTER USER '用户名'@'主机(全部主机为%)' IDENTIFIED WITH mysql_native_password BY '密码'; # 刷新设置 FL

boost::asio设置同步连接超时

boost::asio设置同步连接超时 CSDN上求助无果,只好用自创的非主流方法了.asio自带的例子里是用deadline_timer的async_wait方法来实现超时的,这种方法需要单独写一个回调函数,不利于把连接和超时封装到单个函数里.传统的Winsock编程可以先把socket设为非阻塞,然后connect,再用select来判断超时,asio也可以这样做,唯一“非主流”的是asio里没有一个类似select的函数,所以得调用原始的Winsock API,也就牺牲了跨平台: #inc

mysql8.0 Authentication plugin 'caching_sha2_password' cannot be loaded

安装mysql8.0后使用navicat创建连接, 然后报如题所示警告.可参考如下解决方案: https://stackoverflow.com/questions/49194719/authentication-plugin-caching-sha2-password-cannot-be-loaded 8.0改变了身份验证插件,改成使用老版本的身份验证插件方式就好了. 我的操作步骤: 1.修改C:\ProgramData\MySQL\MySQL Server 8.0\my.ini文件中,cac

CentOs7中Mysql8.0设置远程连接

1 登陆Mysql mysql -uroot -p 输入密码 2 选择 mysql 数据库 use mysql; 在mysql数据库中存储了用户信息的user表 3 在 mysql 数据库的 user 表中查看当前 root 用户的相关信息 select host, user, authentication_string, plugin from user; 可以看到root用户的host默认为localhost,只允许本地访问,不允许远程连接.. 为了安全(网上有人是这么说的,作为菜鸡,我也不

远程连接MYSQL8.0服务器问题

title: 远程连接MYSQL8.0服务器问题 date: 2018-07-07 11:02:26 updated: tags: [MYSQL,坑] description: keywords: comments: image: --- 问题描述: 先前使用MYSQL5.1,远端访问MYSQL服务器没问题,遇到的问题也就是防火墙问题,修改出入站规则后轻松的解决了.但是MYSQL8.0就很坑了,按照网上的解决办法折腾了两个小时,最后解决,依然不明白哪里有问题,只能把操作复现,为以后使用留个记录.

PDO连接mysql8.0报PDO::__construct(): Server sent charset (255) unknown to the client. Please, report to the developers错误

安装mysql8.0之后,尝试使用php连接mysql,总是报PDO::__construct(): Server sent charset (255) unknown to the client. Please, report to the developers错误,网上找了很多资料,然而都没有多大用处. 查找了mysql官方说明文档才知道原来M8.0已经已经把默认字符集升级成ut8mb4了,于是找到my.cnf文件,修改如下: 1 [client] 2 port = 3306 3 socke