Creating SSL MySQL from Linux

SSL certificate always used to encrypted the data file and it is actually supported for database as well.

Today, I will guide you on how to create SSL for MySQL. With this article, I will use OpenSSL as an example.

Please refer to the following command line.
======================
# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem

# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
======================

# Create clean environment
shell&gt; <strong class="userinput"><code>rm -rf newcerts</code></strong>
shell&gt; <strong class="userinput"><code>mkdir newcerts &amp;&amp; cd newcerts</code></strong>

# Create CA certificate
shell&gt; <strong class="userinput"><code>openssl genrsa 2048 &gt; ca-key.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl req -new -x509 -nodes -days 1000 \</code></strong>
         <strong class="userinput"><code>-key ca-key.pem &gt; ca-cert.pem</code></strong>

# Create server certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout server-key.pem &gt; server-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in server-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; server-cert.pem</code></strong>

# Create client certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout client-key.pem &gt; client-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in client-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; client-cert.pem</code></strong>

Published by

Mick Genie

Mick Genie is the founder of MickGenie.com and working at ExaBytes Network Sdn Bhd and WPWebHost web host company. He is expertise in Windows and Linux environment especially web hosting related information, tips and trick as well as the IT Information.