LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Enabling SSL in MySQL Replication (have_ssl DISABLED) (https://www.linuxquestions.org/questions/linux-newbie-8/enabling-ssl-in-mysql-replication-have_ssl-disabled-832792/)

ajayan 09-17-2010 06:15 AM
Enabling SSL in MySQL Replication (have_ssl DISABLED)
 
Hi Guys,
I had tried to configure MySQL replication through SSL.As part of it i had modified my servers my.cnf with following contents under [mysqld] section,
ssl-ca=/etc/mysql/cert/ca-cert.pem
ssl-cert=/etc/mysql/cert/server-cert.pem
ssl-key=/etc/mysql/cert/server-key.pem

and i had restarted Mysql.

But still....
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |

and when i tried , mysqld --ssl --help
root@Server:/etc/mysql/certs# mysqld --ssl --help

100916 7:09:33 [Note] Plugin 'FEDERATED' is disabled.
mysqld Ver 5.1.41-3ubuntu12.6-log for debian-linux-gnu on i486 ((Ubuntu))
Copyright (C) 2000-2008 MySQL AB, by Monty and others
Copyright (C) 2008 Sun Microsystems, Inc.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license

Starts the MySQL database server

Usage: mysqld [OPTIONS]

For more help options (several pages), use mysqld --verbose --help


How can i enable SSL support in Mysql

Thanks,
Ajayan

quanta 09-17-2010 06:27 AM
How did you generate CA, server and client cert?

ajayan 09-17-2010 06:28 AM
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

ajayan 09-17-2010 07:09 AM
When i set just "ssl' in my.cnf,have_openssl and have_ssl is enabled.But whenever i set path for keys in my.cnf,then its showing disabled..

Any suggestion

Ajayan

quanta 09-17-2010 10:17 AM
Quote:
Originally Posted by ajayan (Post 4100459)
Hi Guys,
I had tried to configure MySQL replication through SSL.As part of it i had modified my servers my.cnf with following contents under [mysqld] section,
ssl-ca=/etc/mysql/cert/ca-cert.pem
ssl-cert=/etc/mysql/cert/server-cert.pem
ssl-key=/etc/mysql/cert/server-key.pem

and i had restarted Mysql.

But still....
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |

and when i tried , mysqld --ssl --help
root@Server:/etc/mysql/certs# mysqld --ssl --help
Which location did you put your CA, server and client cert, /etc/mysql/cert or /etc/mysql/certs? Did you check the /var/log/mysqld.log?

ajayan 09-18-2010 04:25 AM
Thanks for your time,
At last problem resolved.I have to set mysql:mysql permission for the .pem certificates.


Thanks,
Ajayan


All times are GMT -5. The time now is 07:58 AM.