Oracle 5.0 Reference Manual page 1911

MySQL Server uses the PEM format for certificates and private keys. This tutorial will use the test
certificates from the server test suite by way of example. You can obtain the MySQL Server source
code from MySQL Downloads. The certificates can be found in the directory
std_data.
To carry out the steps in this tutorial, you must have Open SSL installed. This can be downloaded for
Microsoft Windows at no charge from
Further details on the connection string options used in this tutorial can be found at
"Connector/Net Connection String Options
Configuring the MySQL Server to use SSL
1. In the MySQL Server configuration file, set the SSL parameters as follows:
ssl-ca=path/to/repo/mysql-test/std_data/cacert.pem
ssl-cert=path/to/repo/mysql-test/std_data/server-cert.pem
ssl-key=path/to/repo/mysql-test/std_data/server-key.pem
Adjust the directories according to the location in which you installed the MySQL source code.
2. In this step you create a test user and set the user to require SSL.
Using the MySQL Command-Line Client, connect as
3. To set privileges and requirements, issue the following command:
GRANT ALL PRIVILEGES ON *.* TO sslclient@'%' REQUIRE SSL;
Creating a certificate file to use with the .NET client
1. The .NET client does not use the PEM file format, as .NET does not support this format natively.
You will be using test client certificates from the same server repository, for the purposes of
this example. Convert these to PFX format first. This format is also known as PKCS#12. An
article describing this procedure can be found at the
repository-root/mysql-test/std_data, issue the following command:
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -certfile cacert.pem -out client.pf
2. When asked for an export password, enter the password "pass". The file
generated. This file is used in the remainder of the tutorial.
Connecting to the server using a file-based certificate
1. You will use PFX file,
following example demonstrates how to connect using the
CertificatePassword
using (MySqlConnection connection = new MySqlConnection(
"database=test;user=sslclient;" +
"CertificateFile=H:\\bzr\\mysql-trunk\\mysql-test\\std_data\\client.pfx" +
"CertificatePassword=pass;" +
"SSL Mode=Required "))
{
connection.Open();
}
The path to the certificate file will need to be changed to reflect your individual installation.
Connecting to the server using a store-based certificate
1. The first step is to import the PFX file, client.pfx, into the Personal Store. Double-click the file in
Windows explorer. This launches the Certificate Import Wizard.
2. Follow the steps dictated by the wizard, and when prompted for the password for the PFX file, enter
"pass".
Connector/Net Tutorials
Shining Light
Reference".
you created in the previous step to authenticate the client. The
client.pfx
connection string options:
1891
./mysql-test/
Productions.
and create the user sslclient.
root
Citrix website. From the directory
client.pfx
SSL Mode, CertificateFile
Section 20.2.6,
server-
will be
and