How to Create SSL certificates for MySQL Server and Client using OpenSSL.
We have to create an SSL certificate and private key for an MySQL server, which will be used when connecting to the server over SSL.
Make sure that OpenSSL is installed on your system where an MySQL server is running. Normally all Linux distributions have OpenSSL installed by default.
- To check if OpenSSL is installed, use the following command.
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
- First, create a temporary working directory where we will keep the key and certificate files.
$ sudo mkdir ~/cert
$ cd ~/cert
- Create the CA private key and certificate. The following commands will create ca-key.pem and ca-cert.pem.
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
The second command will ask you several questions. It does not matter what you put in these field. Just fill out those fields.
- The next step is to create a private key for the server.
$ openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
This command will ask several questions again, and you can put the same answers which you have provided in the previous step.
- Export the server's private key to RSA-type key with this command below.
$ openssl rsa -in server-key.pem -out server-key.pem
- Finally, generate a server certificate using the CA certificate.
$ openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial
- We now have the following files:
If you are experiencing issues with ScaleArc or with any of it's features, please contact ScaleArc Support. We are available 24x7 by phone at 855 800 7225 or +1 408 412 7315. For general support inquiries, you can also e-mail us at firstname.lastname@example.org.
2901 Tasman Drive Santa Clara, CA 95054 | Email: email@example.com