参考文章:https://blog.csdn.net/johnhill_/article/details/72831932 ,谢谢!

1.安装openssl

下载地址:http://slproweb.com/products/Win32OpenSSL.html

注意:安装完成后,记得配置系统path路径,指到bin目录。

具体路径请根据个人实际情况调整。

在cmd中,输入openssl,看到下图说明成功!

2.添加SSL支持

执行:

show variables like '%ssl%';

如果have_ssl不等于yes,说明还没有支持SSL。

添加SSL支持,打开my.ini文件:

[mysqld]

datadir=D:/app/MariaDB 10.3/data

port=3306

innodb_buffer_pool_size=511M

character-set-server=utf8

event_scheduler=ON

max_connections=1000

ssl

ssl-ca=D:/cert/ca-cert.pem

ssl-cert=D:/cert/server-cert.pem

ssl-key=D:/cert/server-key.pem

[client]

port=3306

plugin-dir=D:/app/MariaDB 10.3/lib/plugin

只需要添加标红行,重启mariadb服务就行。

重启之后再次执行看看have_ssl是否等于yes:

show variables like '%ssl%';

3.建立cert目录

D:\>mkdir cert
D:\>cd cert

4.配置证书

###为注释,蓝色是执行脚本,之下是执行结果。

###CA 私钥

D:\cert>openssl genrsa 2048 > ca-key.pem

Generating RSA private key, 2048 bit long modulus

.........+++++

................................................................................

................................................................................

.........................................................+++++

e is 65537 (0x010001)

###数字证书

D:\cert>openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

###服务器端的证书请求文件,A challenge password必须为空

D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem

Generating a 2048 bit RSA private key

................................................................................

+++++

.....+++++

writing new private key to 'server-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:test.COM

###服务器端的RSA私钥

D:\cert>openssl rsa -in server-key.pem -out server-key.pem

writing RSA key

###服务器端的数字证书

D:\cert>openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Signature ok

subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddre

ss = test@test.COM

Getting CA Private Key

###客户端的证书请求文件,A challenge password必须为空

D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem

Generating a 2048 bit RSA private key

.................+++++

.......................................+++++

writing new private key to 'client-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

###客户端的RSA私钥:

D:\cert>openssl rsa -in client-key.pem -out client-key.pem

writing RSA key

###客户端的数字证书

D:\cert>openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

Signature ok

subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddre

ss = test@test.COM

Getting CA Private Key

5.在my.ini中配置证书

[mysqld]

datadir=D:/app/MariaDB 10.3/data

port=3306

innodb_buffer_pool_size=511M

character-set-server=utf8

event_scheduler=ON

max_connections=1000

ssl

ssl-ca=D:/cert/ca-cert.pem

ssl-cert=D:/cert/server-cert.pem

ssl-key=D:/cert/server-key.pem

[client]

port=3306

plugin-dir=D:/app/MariaDB 10.3/lib/plugin

只需要添加标红行,重启mariadb服务就行。再次执行

show variables like '%ssl%';

返回结果:

文件说明

ca-cert.pem: CA 证书, 用于生成服务器端/客户端的数字证书.

ca-key.pem: CA 私钥, 用于生成服务器端/客户端的数字证书.

server-key.pem: 服务器端的 RSA 私钥

server-req.pem: 服务器端的证书请求文件, 用于生成服务器端的数字证书.

server-cert.pem: 服务器端的数字证书.

client-key.pem: 客户端的 RSA 私钥

client-req.pem: 客户端的证书请求文件, 用于生成客户端的数字证书.

client-cert.pem: 客户端的数字证书.

MariaDB:SSL配置的更多相关文章

  1. 百度CDN 网站SSL 配置

    百度CDN SSL配置步骤 一般从SSL提供商购买到的证书是CRT二进制格式的. 1. 将 CRT 导入到IIS中, 然后从IIS中导出为PFX格式 2. 下载openssl,执行下面命令 提取用户证 ...

  2. Nginx SSL配置过程

    1. 在godaddy购买了UCC SSL(最多5个域名)的SSL证书 2. 设置证书 -- 管理 -- 3. 需要制作证书申请CSR文件(在线工具制作或者openssl命令制作),保存CSR和key ...

  3. ssl配置

    Apache SSL配置 作者: JeremyWei | 可以转载, 但必须以超链接形式标明文章原始出处和作者信息及版权声明网址: http://weizhifeng.net/apache-ssl.h ...

  4. SSL 通信原理及Tomcat SSL 配置

    SSL 通信原理及Tomcat SSL 双向配置 目录1 参考资料 .................................................................. ...

  5. nginx反向代理cas server之1:多个cas server负载均衡配置以及ssl配置

    系统环境采用centOS7 由于cas server不支持session持久化方式的共享,所以请用其他方式代替,例如:组播复制. 为什么不支持session持久化:http://blog.csdn.n ...

  6. centos7邮件服务器SSL配置

    在上篇文章centos7搭建postfix邮件服务器的搭建中我们没有配置SSL,接下来我们在这篇文章中讲讲centos7邮件服务器SSL配置. 1. 创建SSL证书 [root@www ~]# cd ...

  7. 基于【CentOS-7+ Ambari 2.7.0 + HDP 3.0】搭建HAWQ数据仓库 —— MariaDB 安装配置

    一.安装并使用MariaDB作为Ambari.Hive.Hue的存储数据库. yum install mariadb-server mariadb 启动.查看状态,检查mariadb是否成功安装 sy ...

  8. Sahi (2) —— https/SSL配置(102 Tutorial)

    Sahi (2) -- https/SSL配置(102 Tutorial) jvm版本: 1.8.0_65 sahi版本: Sahi Pro 6.1.0 参考来源: Sahi官网 Sahi Quick ...

  9. Nginx SSL配置

    一.SSL 原理 ① 客户端( 浏览器 )发送一个 https 请求给服务器② 服务器要有一套证书,其实就是公钥和私钥,这套证书可以自己生成,也可以向组织申请,服务器会把公钥传输给客户端③ 客户端收到 ...

  10. Tomcat服务器配置https协议(Tomcat HTTPS/SSL 配置)

    通常商用服务器使用https协议需要申请SSL证书,证书都是收费的,价格有贵的有便宜的.它们的区别是发行证书的机构不同,贵的证书机构更权威,证书被浏览器否决的几率更小. 非商业版本可以通过keytoo ...

随机推荐

  1. Kaggle教程——大神教你上分

    本文记录笔者在观看Coursera上国立经济大学HLE的课程 How to win a data science competetion中的收获,和大家分享.课程的这门课的讲授人是Kaggle的大牛, ...

  2. CodeVs 1615 数据备份

    题目:数据备份 链接:Here 题意:有n个点在一条线上,每次连线可以连接两个点(每个点只能被连一次),要求找出m个连线,他们的和最小(连线权值就是两点距离),输出最小的和.给出n.m和每个点的坐标. ...

  3. 谈谈java做登录那些事(一 分析)

    前言: 最近要给自己的网站模板写一个登陆功能,其他功能已经写了一半了,我觉得可以写个登陆整合一下了. 借鉴博客:https://www.cnblogs.com/moyand/p/9047978.htm ...

  4. 使用 Python 爬取网页数据

    1. 使用 urllib.request 获取网页 urllib 是 Python 內建的 HTTP 库, 使用 urllib 可以只需要很简单的步骤就能高效采集数据; 配合 Beautiful 等 ...

  5. 安装 Power BI 报表服务器

    开始之前 建议在安装 Power BI 报表服务器之前先查看安装 Power BI 报表服务器所要满足的硬件和软件要求. Power BI 报表服务器产品密钥 Power BI Premium 如果已 ...

  6. CODEVS 3546 矩阵链乘法

    http://codevs.cn/problem/3546/ 题目 给定有n个要相乘的矩阵构成的序列(链)<A1,A2,A3,.......,An>,要计算乘积A1A2.....An.一组 ...

  7. D. Maximum Diameter Graph 贪心+图论+模拟

    题意:给出n个点的度数列 上限(实际点可以小于该度数列)问可以构造简单路最大长度是多少(n个点要连通 不能有平行边.重边) 思路:直接构造一条长链  先把度数为1的点 和度数大于1的点分开  先把度数 ...

  8. MT【319】分段递推数列

    已知数列$ x_n $满足$ 0<x_1<x_2<\pi $,且\begin{equation*} x_{n+1}= \left\{ \begin{aligned}x_n+\sin ...

  9. Python3 与 C# 并发编程之~ 进程篇

      上次说了很多Linux下进程相关知识,这边不再复述,下面来说说Python的并发编程,如有错误欢迎提出- 如果遇到听不懂的可以看上一次的文章:https://www.cnblogs.com/dot ...

  10. SP687 REPEATS - Repeats

    给定字符串,求重复次数最多的连续重复子串. 题目很简单,被细节坑惨了... 前置的一个推论:请看这里. #include <bits/stdc++.h> using namespace s ...