Generating Certificates for MySQL Server and SSL Client

Last modified: June 26, 2023

To create SSL connection the following three files are required:

Client key - used along with the client certificate to encrypt and decrypt data during a connection
Client certificate
Authority certificate - used to verify identity of a client and a server

You need to specify their location in my.ini file of the MySQL server and on the Security tab of the Database Connection Properties dialog box.

Download OpenSSL. This command line tool is used for creation and management of private keys, public keys, and parameters.
Open the command prompt by using Start -> Run -> cmd and type the following to go to OpenSSL install directory (for example, it is D:\OpenSSL):

d:

cd \openssl
Generate a key file used for authority certificate generation by typing:

openssl genrsa 1024 > ca-key.pem

(This string will create ca-key.pem file)
Generate the authority certificate by typing the following:

openssl req -new -x509 -nodes -days 1000 -key ca-key.pem -config myssl.cnf > ca-cert.pem

(This string will create ca-cert.pem file.)
Generate a key file used for server certificate generation by typing the following:

openssl req -newkey rsa:1024 -days 1000 -nodes -keyout server-key.pem -config myssl.cnf > server-req.pem

(This string will create server-key.pem file.)
Generate the server certificate file by typing the following:

openssl x09 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

(This string will create server-cert.pem file.)
Generate a key file used for client certificate generation by typing the following:

openssl req -newkey rsa:1024 -days 1000 -nodes -keyout client-key.pem -config myssl.cnf > client-req.pem

(This string will create client-key.pem file.)
Generate the client certificate file by typing the following:

openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 client-cert.pem

(This string will create client-cert.pem file.)
Relocate the generated files on your machine if required, and go to the installation directory of the MySQL Server. Open the my.ini file and after [mysqld] line specify the location of the generated files - ca-cert.pem, server-cert.pem, and server-key.pem by typing:

ssl

ssl-ca=”D:/SSL Certificates/ca-cert.pem”

ssl-cert=”D:/SSL Certificates/Server/server-cert.pem”

ssl-key=”D:/SSL Certificates/Server/server-key.pem”
Restart the MySQL Server and check if it supports SSL by opening a new SQL document in dbForge Fusion for MySQL - (on the top menu, select Fusion, click New SQL) and typing the following:

SHOW VARIABLES LIKE ‘have_openssl’

If the server returns YES, you can set up SSL client. If the response is NO or something does not work in the existing configuration, please visit https://dev.mysql.com/doc/ for instructions on how to start up a required server from scratch.

Was this page helpful?

data:image/svg+xml,%3csvg%20width='20'%20height='20'%20viewBox='0%200%2020%2020'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3cg%20id='thumb_up'%3e%3cmask%20id='mask0_676_39376'%20style='mask-type:alpha'%20maskUnits='userSpaceOnUse'%20x='0'%20y='0'%20width='20'%20height='20'%3e%3crect%20id='Bounding%20box'%20width='20'%20height='20'%20fill='%23D9D9D9'/%3e%3c/mask%3e%3cg%20mask='url(%23mask0_676_39376)'%3e%3cpath%20id='thumb_up_2'%20d='M15%2017H5.5V7L11.5%201L12.1667%201.45833C12.4028%201.625%2012.5833%201.83681%2012.7083%202.09375C12.8333%202.35069%2012.8681%202.61806%2012.8125%202.89583L12.7917%203L12%207H17.5C17.9167%207%2018.2708%207.14583%2018.5625%207.4375C18.8542%207.72917%2019%208.08333%2019%208.5V9.6875C19%209.79861%2018.9896%209.89931%2018.9688%209.98958C18.9479%2010.0799%2018.9167%2010.1736%2018.875%2010.2708L16.3944%2016.0875C16.2703%2016.3625%2016.0833%2016.5833%2015.8333%2016.75C15.5833%2016.9167%2015.3056%2017%2015%2017ZM7%2015.5H15L17.5%209.6875V8.5H10.1667L11.1875%203.4375L7%207.625V15.5ZM5.5%207V8.5H2.5V15.5H5.5V17H1V7H5.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e

Yes

data:image/svg+xml,%3csvg%20width='20'%20height='20'%20viewBox='0%200%2020%2020'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3cg%20id='thumb_down'%3e%3cmask%20id='mask0_676_39381'%20style='mask-type:alpha'%20maskUnits='userSpaceOnUse'%20x='0'%20y='0'%20width='20'%20height='20'%3e%3crect%20id='Bounding%20box'%20width='20'%20height='20'%20fill='%23D9D9D9'/%3e%3c/mask%3e%3cg%20mask='url(%23mask0_676_39381)'%3e%3cpath%20id='thumb_down_2'%20d='M5%203H14.5V13L8.5%2019L7.83333%2018.5417C7.59722%2018.375%207.41667%2018.1632%207.29167%2017.9062C7.16667%2017.6493%207.13194%2017.3819%207.1875%2017.1042L7.20833%2017L8%2013H2.5C2.08333%2013%201.72917%2012.8542%201.4375%2012.5625C1.14583%2012.2708%201%2011.9167%201%2011.5V10.3125C1%2010.2014%201.01042%2010.1007%201.03125%2010.0104C1.05208%209.92014%201.08333%209.82639%201.125%209.72917L3.60417%203.91667C3.71528%203.63889%203.89931%203.41667%204.15625%203.25C4.41319%203.08333%204.69444%203%205%203ZM13%204.5H5L2.5%2010.3125V11.5H9.83333L8.8125%2016.5625L13%2012.375V4.5ZM14.5%2013V11.5H17.5V4.5H14.5V3H19V13H14.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e

Generating Certificates for MySQL Server and SSL Client

Creating SSL Connection Installing and Setting Up SSH Server