Generating Certificates for MySQL Server and SSL Client
Last modified: June 26, 2023
To create SSL connection the following three files are required:
- Client key - used along with the client certificate to encrypt and decrypt data during a connection
- Client certificate
- Authority certificate - used to verify identity of a client and a server
You need to specify their location in my.ini file of the MySQL server and on the Security tab of the Database Connection Properties dialog box.
- Download OpenSSL. This command line tool is used for creation and management of private keys, public keys, and parameters.
- Open the command prompt by using Start -> Run -> cmd and type the following to go to OpenSSL install directory (for example, it is D:\OpenSSL):
d:
cd \openssl
- Generate a key file used for authority certificate generation by typing:
openssl genrsa 1024 > ca-key.pem
(This string will create ca-key.pem file)
- Generate the authority certificate by typing the following:
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem -config myssl.cnf > ca-cert.pem
(This string will create ca-cert.pem file.)
- Generate a key file used for server certificate generation by typing the following:
openssl req -newkey rsa:1024 -days 1000 -nodes -keyout server-key.pem -config myssl.cnf > server-req.pem
(This string will create server-key.pem file.)
- Generate the server certificate file by typing the following:
openssl x09 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
(This string will create server-cert.pem file.)
- Generate a key file used for client certificate generation by typing the following:
openssl req -newkey rsa:1024 -days 1000 -nodes -keyout client-key.pem -config myssl.cnf > client-req.pem
(This string will create client-key.pem file.)
- Generate the client certificate file by typing the following:
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 client-cert.pem
(This string will create client-cert.pem file.)
-
Relocate the generated files on your machine if required, and go to the installation directory of the MySQL Server. Open the my.ini file and after [mysqld] line specify the location of the generated files - ca-cert.pem, server-cert.pem, and server-key.pem by typing:
ssl
ssl-ca=”D:/SSL Certificates/ca-cert.pem”
ssl-cert=”D:/SSL Certificates/Server/server-cert.pem”
ssl-key=”D:/SSL Certificates/Server/server-key.pem”
-
Restart the MySQL Server and check if it supports SSL by opening a new SQL document in dbForge Query Builder for MySQL - (in the top menu, select SQL expanding the New node of the File menu) and typing the following:
SHOW VARIABLES LIKE have_openssl
'%3e%3cpath%20id='thumb_up_2'%20d='M15%2017H5.5V7L11.5%201L12.1667%201.45833C12.4028%201.625%2012.5833%201.83681%2012.7083%202.09375C12.8333%202.35069%2012.8681%202.61806%2012.8125%202.89583L12.7917%203L12%207H17.5C17.9167%207%2018.2708%207.14583%2018.5625%207.4375C18.8542%207.72917%2019%208.08333%2019%208.5V9.6875C19%209.79861%2018.9896%209.89931%2018.9688%209.98958C18.9479%2010.0799%2018.9167%2010.1736%2018.875%2010.2708L16.3944%2016.0875C16.2703%2016.3625%2016.0833%2016.5833%2015.8333%2016.75C15.5833%2016.9167%2015.3056%2017%2015%2017ZM7%2015.5H15L17.5%209.6875V8.5H10.1667L11.1875%203.4375L7%207.625V15.5ZM5.5%207V8.5H2.5V15.5H5.5V17H1V7H5.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Yes'%3e%3cpath%20id='thumb_down_2'%20d='M5%203H14.5V13L8.5%2019L7.83333%2018.5417C7.59722%2018.375%207.41667%2018.1632%207.29167%2017.9062C7.16667%2017.6493%207.13194%2017.3819%207.1875%2017.1042L7.20833%2017L8%2013H2.5C2.08333%2013%201.72917%2012.8542%201.4375%2012.5625C1.14583%2012.2708%201%2011.9167%201%2011.5V10.3125C1%2010.2014%201.01042%2010.1007%201.03125%2010.0104C1.05208%209.92014%201.08333%209.82639%201.125%209.72917L3.60417%203.91667C3.71528%203.63889%203.89931%203.41667%204.15625%203.25C4.41319%203.08333%204.69444%203%205%203ZM13%204.5H5L2.5%2010.3125V11.5H9.83333L8.8125%2016.5625L13%2012.375V4.5ZM14.5%2013V11.5H17.5V4.5H14.5V3H19V13H14.5Z'%20fill='%2327282C'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
No'%3e%3cpath%20id='Vector'%20d='M4%204V24H24V4H4ZM22%2022H6V9H22V22ZM19%2019H9V18H19V19ZM19%2016H9V15H19V16ZM19%2013H9V12H19V13ZM21%202H2V21H0V0H21V2Z'%20fill='%230071CE'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_676_40052'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
