MariaDB SSL: Difference between revisions

From Lolly's Wiki
Jump to navigationJump to search
(Die Seite wurde neu angelegt: „SSL SSL ==Create keys and certificates== <source lang=bash> openssl genrsa 2048 > ca-key.pem openssl req -new -x509…“)
 
m (Text replacement - "[[Kategorie:" to "[[Category:")
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Kategorie:MariaDB|SSL]]
[[Category:MariaDB|SSL]]
[[Kategorie:MySQL|SSL]]
[[Category:MySQL|SSL]]
To be continued!


==Create keys and certificates==
==Create keys and certificates==
<source lang=bash>
<syntaxhighlight lang=bash>
openssl genrsa 2048 > ca-key.pem
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server'
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server'
</source>
</syntaxhighlight>


<source lang=bash>
<syntaxhighlight lang=bash>
openssl req  -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de'
openssl req  -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de'
openssl rsa      -in client-key.pem                                  -out client-key.pem
openssl rsa      -in client-key.pem                                  -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
</source>
</syntaxhighlight>


<source lang=bash>
<syntaxhighlight lang=bash>
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de'
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de'
openssl rsa -in server-key.pem -out server-key.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
</source>
</syntaxhighlight>


<source lang=bash>
<syntaxhighlight lang=bash>
chown mysql:www-data *
chown mysql:www-data *
chown www-data:www-data client-key.pem
chown www-data:www-data client-key.pem
chmod 644 *-cert.pem
chmod 644 *-cert.pem
chmod 600 *-key.pem
chmod 600 *-key.pem
</source>
</syntaxhighlight>


<source lang=php>
<syntaxhighlight lang=php>
# php -r '
# php -r '
   $db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword",  
   $db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword",  
Line 42: Line 43:
   print_r($status);
   print_r($status);
'
'
</source>
</syntaxhighlight>

Latest revision as of 03:27, 26 November 2021

To be continued!

Create keys and certificates

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server'

openssl req  -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de'
openssl rsa       -in client-key.pem                                   -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de'
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

chown mysql:www-data *
chown www-data:www-data client-key.pem
chmod 644 *-cert.pem
chmod 600 *-key.pem

# php -r '
  $db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword", 
              array(
                PDO::MYSQL_ATTR_SSL_CA=>"/etc/mysql/ssl/ca-cert.pem",
                PDO::MYSQL_ATTR_SSL_KEY=>"/etc/mysql/ssl/client-key.pem",
                PDO::MYSQL_ATTR_SSL_CERT=>"/etc/mysql/ssl/client-cert.pem",
                PDO::MYSQL_ATTR_SSL_CAPATH=>"/etc/ssl/certs"
              )
          );
  $result = $db->query("SHOW STATUS LIKE \"SSL_%\"");
  $result->execute();
  $status=$result->fetchAll();
  print_r($status);
'
Retrieved from "https://lars.timmann.de/wiki/index.php?title=MariaDB_SSL&oldid=2519"