Creating SSL MySQL from Linux

SSL certificate always used to encrypted the data file and it is actually supported for database as well.

Today, I will guide you on how to create SSL for MySQL. With this article, I will use OpenSSL as an example.

Please refer to the following command line.
======================
# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem

# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
======================

# Create clean environment
shell&gt; <strong class="userinput"><code>rm -rf newcerts</code></strong>
shell&gt; <strong class="userinput"><code>mkdir newcerts &amp;&amp; cd newcerts</code></strong>

# Create CA certificate
shell&gt; <strong class="userinput"><code>openssl genrsa 2048 &gt; ca-key.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl req -new -x509 -nodes -days 1000 \</code></strong>
         <strong class="userinput"><code>-key ca-key.pem &gt; ca-cert.pem</code></strong>

# Create server certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout server-key.pem &gt; server-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in server-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; server-cert.pem</code></strong>

# Create client certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout client-key.pem &gt; client-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in client-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; client-cert.pem</code></strong>

How to disable mod_security for an account

Sometimes, you might want to disable the mod_security applied to the virtual server and you might wonder how to do it.

If you are using Apache with mod_security, it could be done from the configuration file.

However, you have to understand the Apache version and mod_security version that you used.

Normally, a hosted server will use Apache 1.x with mod_security 1.x and Apache 2.x with mod_security 2.x.

To find out the Apache version, you may use the following command.

httpd -v

With mod_security 1.x, you may use the following command from each of the virtual host path and add into the .htaccess file.

Continue reading How to disable mod_security for an account