
SSL certificate always used to encrypted the data file and it is actually supported for database as well.
Today, I will guide you on how to create SSL for MySQL. With this article, I will use OpenSSL as an example.
Please refer to the following command line.
======================
# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts
# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem
# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
======================
# Create clean environment
shell> <strong class="userinput"><code>rm -rf newcerts</code></strong>
shell> <strong class="userinput"><code>mkdir newcerts && cd newcerts</code></strong>
# Create CA certificate
shell> <strong class="userinput"><code>openssl genrsa 2048 > ca-key.pem</code></strong>
shell> <strong class="userinput"><code>openssl req -new -x509 -nodes -days 1000 \</code></strong>
<strong class="userinput"><code>-key ca-key.pem > ca-cert.pem</code></strong>
# Create server certificate
shell> <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
<strong class="userinput"><code>-nodes -keyout server-key.pem > server-req.pem</code></strong>
shell> <strong class="userinput"><code>openssl x509 -req -in server-req.pem -days 1000 \</code></strong>
<strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem</code></strong>
# Create client certificate
shell> <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
<strong class="userinput"><code>-nodes -keyout client-key.pem > client-req.pem</code></strong>
shell> <strong class="userinput"><code>openssl x509 -req -in client-req.pem -days 1000 \</code></strong>
<strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem</code></strong>