Table of Contents
Advertisement
shell>
./configure --with-openssl
Before MySQL 5.0, it was also neccessary to use --with-vio, but that option is no longer
required.
Then compile and install the distribution.
On Unix platforms, yaSSL retrieves true random numbers from either either
/dev/random. Bug#13164 lists workarounds for some very old platforms which do not support
these devices.
3. To check whether a server binary is compiled with SSL support, invoke it with the
option. An error will occur if the server does not support SSL:
shell>
mysqld --ssl --help
060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
To check whether a running
have_ssl
have_openssl
mysql>
SHOW VARIABLES LIKE 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl
+---------------+-------+
If the value is YES, the server supports SSL connections. If the value is DISABLED, the server
is capable of supporting SSL connections but was not started with the appropriate
options to enable them to be used; see
6.3.6.3. Using SSL Connections
To enable SSL connections, your MySQL distribution must be built with SSL support, as described
in
Section 6.3.6.2, "Configuring MySQL for
be used to specify the appropriate certificate and key files. For a complete list of SSL options, see
Section 6.3.6.4, "SSL Command
To start the MySQL server so that it permits clients to connect using SSL, use the options that identify
the certificate and key files the server uses when establishing a secure connection:
•
--ssl-ca
•
--ssl-cert
authenticated against the CA certificate that it has.
•
--ssl-key
For example, start the server like this:
shell>
mysqld --ssl-ca=ca-cert.pem \
--ssl-cert=server-cert.pem \
--ssl-key=server-key.pem
Each option names a file in PEM format. For instructions on generating the required SSL certificate and
key files, see
source distribution, you can also test your setup using the demonstration certificate and key files in the
mysql-test/std_data
Similar options are used on the client side, although in this case,
[608]
identify the client public and private key. Note that the Certificate Authority certificate, if
key
specified, must be the same as used by the server.
Using SSL for Secure Connections
mysqld
[455]
system variable (if you have no
[455]):
| YES
|
Options".
[608]
identifies the Certificate Authority (CA) certificate.
[608]
identifies the server public key certificate. This can be sent to the client and
[608]
identifies the server private key.
Section 6.3.6.5, "Setting Up SSL Certificates and Keys for
directory of the distribution.
server supports SSL, examine the value of the
have_ssl
Section 6.3.6.3, "Using SSL
SSL". In addition, the proper SSL-related options must
605
/dev/urandom
--ssl
[455]
variable, check for
--ssl-xxx
Connections".
MySQL". If you have a MySQL
[608]
and
--ssl-cert
or
[607]
--ssl-
Advertisement
Chapters
Table of Contents
Troubleshooting
