参考文章:https://blog.csdn.net/johnhill_/article/details/72831932 ,谢谢!

1.安装openssl

下载地址:http://slproweb.com/products/Win32OpenSSL.html

注意:安装完成后,记得配置系统path路径,指到bin目录。

具体路径请根据个人实际情况调整。

在cmd中,输入openssl,看到下图说明成功!

2.添加SSL支持

执行:

show variables like '%ssl%';

如果have_ssl不等于yes,说明还没有支持SSL。

添加SSL支持,打开my.ini文件:

[mysqld]

datadir=D:/app/MariaDB 10.3/data

port=3306

innodb_buffer_pool_size=511M

character-set-server=utf8

event_scheduler=ON

max_connections=1000

ssl

ssl-ca=D:/cert/ca-cert.pem

ssl-cert=D:/cert/server-cert.pem

ssl-key=D:/cert/server-key.pem

[client]

port=3306

plugin-dir=D:/app/MariaDB 10.3/lib/plugin

只需要添加标红行,重启mariadb服务就行。

重启之后再次执行看看have_ssl是否等于yes:

show variables like '%ssl%';

3.建立cert目录

D:\>mkdir cert
D:\>cd cert

4.配置证书

###为注释,蓝色是执行脚本,之下是执行结果。

###CA 私钥

D:\cert>openssl genrsa 2048 > ca-key.pem

Generating RSA private key, 2048 bit long modulus

.........+++++

................................................................................

................................................................................

.........................................................+++++

e is 65537 (0x010001)

###数字证书

D:\cert>openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

###服务器端的证书请求文件,A challenge password必须为空

D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem

Generating a 2048 bit RSA private key

................................................................................

+++++

.....+++++

writing new private key to 'server-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:test.COM

###服务器端的RSA私钥

D:\cert>openssl rsa -in server-key.pem -out server-key.pem

writing RSA key

###服务器端的数字证书

D:\cert>openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Signature ok

subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddre

ss = test@test.COM

Getting CA Private Key

###客户端的证书请求文件,A challenge password必须为空

D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem

Generating a 2048 bit RSA private key

.................+++++

.......................................+++++

writing new private key to 'client-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:CN

Locality Name (eg, city) []:CN

Organization Name (eg, company) [Internet Widgits Pty Ltd]:test

Organizational Unit Name (eg, section) []:COM

Common Name (e.g. server FQDN or YOUR name) []:test.COM

Email Address []:test@test.COM

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

###客户端的RSA私钥:

D:\cert>openssl rsa -in client-key.pem -out client-key.pem

writing RSA key

###客户端的数字证书

D:\cert>openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

Signature ok

subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddre

ss = test@test.COM

Getting CA Private Key

5.在my.ini中配置证书

[mysqld]

datadir=D:/app/MariaDB 10.3/data

port=3306

innodb_buffer_pool_size=511M

character-set-server=utf8

event_scheduler=ON

max_connections=1000

ssl

ssl-ca=D:/cert/ca-cert.pem

ssl-cert=D:/cert/server-cert.pem

ssl-key=D:/cert/server-key.pem

[client]

port=3306

plugin-dir=D:/app/MariaDB 10.3/lib/plugin

只需要添加标红行,重启mariadb服务就行。再次执行

show variables like '%ssl%';

返回结果:

文件说明

ca-cert.pem: CA 证书, 用于生成服务器端/客户端的数字证书.

ca-key.pem: CA 私钥, 用于生成服务器端/客户端的数字证书.

server-key.pem: 服务器端的 RSA 私钥

server-req.pem: 服务器端的证书请求文件, 用于生成服务器端的数字证书.

server-cert.pem: 服务器端的数字证书.

client-key.pem: 客户端的 RSA 私钥

client-req.pem: 客户端的证书请求文件, 用于生成客户端的数字证书.

client-cert.pem: 客户端的数字证书.

MariaDB:SSL配置的更多相关文章

  1. 百度CDN 网站SSL 配置

    百度CDN SSL配置步骤 一般从SSL提供商购买到的证书是CRT二进制格式的. 1. 将 CRT 导入到IIS中, 然后从IIS中导出为PFX格式 2. 下载openssl,执行下面命令 提取用户证 ...

  2. Nginx SSL配置过程

    1. 在godaddy购买了UCC SSL(最多5个域名)的SSL证书 2. 设置证书 -- 管理 -- 3. 需要制作证书申请CSR文件(在线工具制作或者openssl命令制作),保存CSR和key ...

  3. ssl配置

    Apache SSL配置 作者: JeremyWei | 可以转载, 但必须以超链接形式标明文章原始出处和作者信息及版权声明网址: http://weizhifeng.net/apache-ssl.h ...

  4. SSL 通信原理及Tomcat SSL 配置

    SSL 通信原理及Tomcat SSL 双向配置 目录1 参考资料 .................................................................. ...

  5. nginx反向代理cas server之1:多个cas server负载均衡配置以及ssl配置

    系统环境采用centOS7 由于cas server不支持session持久化方式的共享,所以请用其他方式代替,例如:组播复制. 为什么不支持session持久化:http://blog.csdn.n ...

  6. centos7邮件服务器SSL配置

    在上篇文章centos7搭建postfix邮件服务器的搭建中我们没有配置SSL,接下来我们在这篇文章中讲讲centos7邮件服务器SSL配置. 1. 创建SSL证书 [root@www ~]# cd ...

  7. 基于【CentOS-7+ Ambari 2.7.0 + HDP 3.0】搭建HAWQ数据仓库 —— MariaDB 安装配置

    一.安装并使用MariaDB作为Ambari.Hive.Hue的存储数据库. yum install mariadb-server mariadb 启动.查看状态,检查mariadb是否成功安装 sy ...

  8. Sahi (2) —— https/SSL配置(102 Tutorial)

    Sahi (2) -- https/SSL配置(102 Tutorial) jvm版本: 1.8.0_65 sahi版本: Sahi Pro 6.1.0 参考来源: Sahi官网 Sahi Quick ...

  9. Nginx SSL配置

    一.SSL 原理 ① 客户端( 浏览器 )发送一个 https 请求给服务器② 服务器要有一套证书,其实就是公钥和私钥,这套证书可以自己生成,也可以向组织申请,服务器会把公钥传输给客户端③ 客户端收到 ...

  10. Tomcat服务器配置https协议(Tomcat HTTPS/SSL 配置)

    通常商用服务器使用https协议需要申请SSL证书,证书都是收费的,价格有贵的有便宜的.它们的区别是发行证书的机构不同,贵的证书机构更权威,证书被浏览器否决的几率更小. 非商业版本可以通过keytoo ...

随机推荐

  1. VisualStudio2017下ASP.NET CORE的TagHelper智能提示不能使用的解决办法

    之前在VS2017RC中就发现该问题,安装了依赖,但是前段一直点不出来asp-for,后来查了发行说明, 才知道在VS2017rc中暂时无法解决,所以一直等到VS2017正式版的发布,急冲冲的装好, ...

  2. C#中字节数组(byte[])和字符串相互转换

    转换过程主要使用到System.Text.Encoding命名空间下的类 1. 字符串转换成字节数组byte[]: string str = "This is test string&quo ...

  3. RabbitMQ学习笔记一:本地Windows环境安装RabbitMQ Server

    一:安装RabbitMQ需要先安装Erlang语言开发包,百度网盘地址:http://pan.baidu.com/s/1jH8S2u6.直接下载地址:http://erlang.org/downloa ...

  4. jexus部署webapi或mvc报错处理

    1路径错误:因为Windows和Linux的路径问题大小写问题. 解决: 修改jexus下的jws把export MONO_IOMAP=all注释去掉放出来. 2, 解决: 卸载

  5. IDEA设置本地maven仓库

    IDEA设置本地maven仓库 1.下载apache-maven-3.3.9,解压 2.在系统”环境变量“,”系统变量“设置MVN_HOME,如图: 3.在PATH设置,如: %M2_HOME%\bi ...

  6. PhotoShop不用魔棒、钢笔 建立较平整的选区 P进电脑屏幕里

    不用魔棒.抽出.钢笔等,还可以直接变形图建立调整选区,这种方法比钢笔抽出感觉简单一些,比魔棒仔细一些. 抽出或钢笔:抽出弄错了偏移了还要擦除,调整笔刷,抽出后可能还有毛边,需要用橡皮擦除: 钢笔,错了 ...

  7. java基础1之引用数据类型

    5种引用类型(对象类型) 类 接口 数组 枚举 标注 类 类在JVM的内存空间的存储 (1). Heap 堆空间:分配对象 new Student() 存放引用数据类型的实例 (2). Stack 栈 ...

  8. Windows下Redis的安装和部署

    Redis 简介 Redis 是完全开源免费的,遵守BSD协议,是一个高性能的key-value数据库. Redis 与其他 key - value 缓存产品有以下三个特点: Redis支持数据的持久 ...

  9. UOJ#348 州区划分

    解:有一个很显然的状压...... 就设f[s]表示选的点集为s的时候所有方案的权值和. 于是有f[s] = f[s \ t] * (sum[t] / sum[s])P. 这枚举子集是3n的. 然后发 ...

  10. java 发送 mail 纯文本发送和html格式发送

    一:需要引入mail maven jar包 <!--邮件发送包--> <dependency> <groupId>javax.mail</groupId> ...