MariaDB SSL: Difference between revisions
No edit summary |
m (Text replacement - "<source" to "<syntaxhighlight") |
||
| Line 4: | Line 4: | ||
==Create keys and certificates== | ==Create keys and certificates== | ||
< | <syntaxhighlight lang=bash> | ||
openssl genrsa 2048 > ca-key.pem | openssl genrsa 2048 > ca-key.pem | ||
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' | openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' | ||
</source> | </source> | ||
< | <syntaxhighlight lang=bash> | ||
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de' | openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de' | ||
openssl rsa -in client-key.pem -out client-key.pem | openssl rsa -in client-key.pem -out client-key.pem | ||
| Line 15: | Line 15: | ||
</source> | </source> | ||
< | <syntaxhighlight lang=bash> | ||
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de' | openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de' | ||
openssl rsa -in server-key.pem -out server-key.pem | openssl rsa -in server-key.pem -out server-key.pem | ||
| Line 21: | Line 21: | ||
</source> | </source> | ||
< | <syntaxhighlight lang=bash> | ||
chown mysql:www-data * | chown mysql:www-data * | ||
chown www-data:www-data client-key.pem | chown www-data:www-data client-key.pem | ||
| Line 28: | Line 28: | ||
</source> | </source> | ||
< | <syntaxhighlight lang=php> | ||
# php -r ' | # php -r ' | ||
$db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword", | $db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword", | ||
Revision as of 16:52, 25 November 2021
Create keys and certificates
<syntaxhighlight lang=bash> openssl genrsa 2048 > ca-key.pem openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' </source>
<syntaxhighlight lang=bash> openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de' openssl rsa -in client-key.pem -out client-key.pem openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem </source>
<syntaxhighlight lang=bash> openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de' openssl rsa -in server-key.pem -out server-key.pem openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem </source>
<syntaxhighlight lang=bash> chown mysql:www-data * chown www-data:www-data client-key.pem chmod 644 *-cert.pem chmod 600 *-key.pem </source>
<syntaxhighlight lang=php>
- php -r '
$db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword",
array(
PDO::MYSQL_ATTR_SSL_CA=>"/etc/mysql/ssl/ca-cert.pem",
PDO::MYSQL_ATTR_SSL_KEY=>"/etc/mysql/ssl/client-key.pem",
PDO::MYSQL_ATTR_SSL_CERT=>"/etc/mysql/ssl/client-cert.pem",
PDO::MYSQL_ATTR_SSL_CAPATH=>"/etc/ssl/certs"
)
);
$result = $db->query("SHOW STATUS LIKE \"SSL_%\"");
$result->execute();
$status=$result->fetchAll();
print_r($status);
' </source>
