MariaDB SSL: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
m (Text replacement - "<source" to "<syntaxhighlight") |
m (Text replacement - "</source" to "</syntaxhighlight") |
||
| Line 7: | Line 7: | ||
openssl genrsa 2048 > ca-key.pem | openssl genrsa 2048 > ca-key.pem | ||
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' | openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' | ||
</ | </syntaxhighlight> | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
| Line 13: | Line 13: | ||
openssl rsa -in client-key.pem -out client-key.pem | openssl rsa -in client-key.pem -out client-key.pem | ||
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem | openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem | ||
</ | </syntaxhighlight> | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
| Line 19: | Line 19: | ||
openssl rsa -in server-key.pem -out server-key.pem | openssl rsa -in server-key.pem -out server-key.pem | ||
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem | openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem | ||
</ | </syntaxhighlight> | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
| Line 26: | Line 26: | ||
chmod 644 *-cert.pem | chmod 644 *-cert.pem | ||
chmod 600 *-key.pem | chmod 600 *-key.pem | ||
</ | </syntaxhighlight> | ||
<syntaxhighlight lang=php> | <syntaxhighlight lang=php> | ||
| Line 43: | Line 43: | ||
print_r($status); | print_r($status); | ||
' | ' | ||
</ | </syntaxhighlight> | ||
Revision as of 00:00, 26 November 2021
Create keys and certificates
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server'
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de'
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de'
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
chown mysql:www-data *
chown www-data:www-data client-key.pem
chmod 644 *-cert.pem
chmod 600 *-key.pem
# php -r '
$db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword",
array(
PDO::MYSQL_ATTR_SSL_CA=>"/etc/mysql/ssl/ca-cert.pem",
PDO::MYSQL_ATTR_SSL_KEY=>"/etc/mysql/ssl/client-key.pem",
PDO::MYSQL_ATTR_SSL_CERT=>"/etc/mysql/ssl/client-cert.pem",
PDO::MYSQL_ATTR_SSL_CAPATH=>"/etc/ssl/certs"
)
);
$result = $db->query("SHOW STATUS LIKE \"SSL_%\"");
$result->execute();
$status=$result->fetchAll();
print_r($status);
'
