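MariaDB: SSL configuration
Reference article: https://blog.csdn.net/johnhill_/article/details/72831932 , thanks!
1. Install OpenSSL
Download: http://slproweb.com/products/Win32OpenSSL.html
Note: after installation, remember to add the OpenSSL bin directory to the system PATH.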

Adjust the exact path to match your own installation.
In cmd, type openssl; if the command is found and runs, the installation succeeded.

2. Add SSL support
Run:
show variables like '%ssl%';

If have_ssl is not YES, SSL is not yet supported.
To add SSL support, open the my.ini file:
[mysqld]
datadir=D:/app/MariaDB 10.3/data
port=3306
innodb_buffer_pool_size=511M
character-set-server=utf8
event_scheduler=ON
max_connections=1000
ssl
ssl-ca=D:/cert/ca-cert.pem
ssl-cert=D:/cert/server-cert.pem
ssl-key=D:/cert/server-key.pem
[client]
port=3306
plugin-dir=D:/app/MariaDB 10.3/lib/plugin
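Only the lines highlighted in red in the original (ssl, ssl-ca, ssl-cert, ssl-key) need to be added; then restart the mariadb service. The certificate files these lines point to are created in steps 3 and 4.
After the restart, run the query again and check whether have_ssl is YES: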
show variables like '%ssl%';
3. Create the cert directory
D:\>mkdir cert
D:\>cd cert
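4. Create the certificates
Lines starting with ### are comments; each command follows the D:\cert> prompt (shown in blue in the original), and its output is printed below it.
### CA private key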
D:\cert>openssl genrsa 2048 > ca-key.pem
Generating RSA private key, 2048 bit long modulus
.........+++++
................................................................................
................................................................................
.........................................................+++++
e is 65537 (0x010001)
### Digital certificate (CA)
D:\cert>openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:CN
Locality Name (eg, city) []:CN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:COM
Common Name (e.g. server FQDN or YOUR name) []:test.COM
Email Address []:test@test.COM
### Server certificate request file; "A challenge password" must be left empty
D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem
Generating a 2048 bit RSA private key
................................................................................
+++++
.....+++++
writing new private key to 'server-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:CN
Locality Name (eg, city) []:CN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:COM
Common Name (e.g. server FQDN or YOUR name) []:test.COM
Email Address []:test@test.COM
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:test.COM
### Server RSA private key
D:\cert>openssl rsa -in server-key.pem -out server-key.pem
writing RSA key
### Server digital certificate
D:\cert>openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddress = test@test.COM
Getting CA Private Key
### Client certificate request file; "A challenge password" must be left empty
D:\cert>openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem
Generating a 2048 bit RSA private key
.................+++++
.......................................+++++
writing new private key to 'client-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:CN
Locality Name (eg, city) []:CN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:COM
Common Name (e.g. server FQDN or YOUR name) []:test.COM
Email Address []:test@test.COM
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
### Client RSA private key
D:\cert>openssl rsa -in client-key.pem -out client-key.pem
writing RSA key
### Client digital certificate
D:\cert>openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=C = CN, ST = CN, L = CN, O = test, OU = COM, CN = test.COM, emailAddress = test@test.COM
Getting CA Private Key

5. Configure the certificates in my.ini
[mysqld]
datadir=D:/app/MariaDB 10.3/data
port=3306
innodb_buffer_pool_size=511M
character-set-server=utf8
event_scheduler=ON
max_connections=1000
ssl
ssl-ca=D:/cert/ca-cert.pem
ssl-cert=D:/cert/server-cert.pem
ssl-key=D:/cert/server-key.pem
[client]
port=3306
plugin-dir=D:/app/MariaDB 10.3/lib/plugin
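Only the lines highlighted in red in the original (ssl, ssl-ca, ssl-cert, ssl-key) need to be added; then restart the mariadb service. Run again: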
show variables like '%ssl%';
In the returned result, have_ssl should now be YES.

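File descriptions
ca-cert.pem: CA certificate, used to generate the server and client digital certificates.
ca-key.pem: CA private key, used to generate the server and client digital certificates.
server-key.pem: server RSA private key.
server-req.pem: server certificate request file, used to generate the server digital certificate.
server-cert.pem: server digital certificate.
client-key.pem: client RSA private key.
client-req.pem: client certificate request file, used to generate the client digital certificate.
client-cert.pem: client digital certificate.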
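
The certificate steps from section 4, scripted so they run without prompts and end with a check that each certificate chains to the CA and matches its private key. This is an added example, not code from the original article. It departs from the transcript in three ways: SHA-256 instead of -sha1, a CA Common Name that differs from the server and client names (OpenSSL can treat a certificate whose subject equals its issuer as self-signed), and a distinct serial number per certificate. The subject values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted version of step 4. Subject names and the
# function names are constructed for illustration, not from the article.

# make_ca DIR: CA private key and self-signed CA certificate.
make_ca() {
    dir=$1
    openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -nodes -days 3650 \
        -key "$dir/ca-key.pem" -out "$dir/ca-cert.pem" \
        -subj "/C=CN/O=test/CN=test-ca"
}

# issue_cert DIR NAME CN SERIAL: NAME-key.pem, NAME-req.pem and a
# NAME-cert.pem signed by the CA with its own serial number.
issue_cert() {
    dir=$1 name=$2 cn=$3 serial=$4
    openssl req -new -sha256 -newkey rsa:2048 -nodes \
        -keyout "$dir/$name-key.pem" -out "$dir/$name-req.pem" \
        -subj "/C=CN/O=test/CN=$cn" 2>/dev/null || return 1
    openssl x509 -req -sha256 -days 3650 -in "$dir/$name-req.pem" \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" \
        -set_serial "$serial" -out "$dir/$name-cert.pem" 2>/dev/null
}

# check_cert DIR NAME: the certificate must chain to ca-cert.pem and
# carry the same public key as NAME-key.pem.
check_cert() {
    dir=$1 name=$2
    openssl verify -CAfile "$dir/ca-cert.pem" "$dir/$name-cert.pem" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/$name-cert.pem" -noout -pubkey |
        openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$dir/$name-key.pem" -pubout |
        openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Run as: sh gen-certs.sh <output-dir>; without an argument the file
# only defines the functions.
if [ -n "${1:-}" ]; then
    make_ca "$1" && issue_cert "$1" server db.test.example 01 &&
        issue_cert "$1" client app-client 02 &&
        check_cert "$1" server && check_cert "$1" client &&
        echo "certificates verified against ca-cert.pem"
fi
```

The script is POSIX shell; the same openssl invocations can be typed at the D:\cert> prompt with the line continuations removed.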