建立MySQL的SSL连接通道

核心提示：通常我们在编译MySQL(和PHP搭配之最佳组合)的时候都加入了with-openssl选项，但这并不代表MySQL(和PHP搭配之最佳组合)已经支持了OpenSSL连接，建立MySQL的SSL连接通道，我们可以通过如下命令进行检测：SHOW VARIABLES LIKE 'have_openssl'；

通常我们在编译MySQL(和PHP搭配之最佳组合)的时候都加入了with-openssl选项，但这并不代表MySQL(和PHP搭配之最佳组合)已经支持了OpenSSL连接，我们可以通过如下命令进行检测：

SHOW VARIABLES LIKE 'have_openssl'；

如果显示DISABLED则表明MySQL(和PHP搭配之最佳组合)尚不支持OpenSSL.

建立SSL证书

；；建几个目录和文件

mkdir /usr/local/myssl

cd /usr/local/myssl

mkdir private newcerts

touch index.txt

echo "01" > serial

；；拷贝一份OpenSSL的缺省配置到当前目录

cp /usr/local/openssl/openssl.cnf .

；；修改当前目录下的openssl.cnf，将。/demoCA替换为/usr/local/myssl，replace的具体用法见man

replace ./demoCA /usr/local/myssl —— /usr/local/myssl/openssl.cnf

；；建立根证书

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -config openssl.cnf

# Sample output：

# Using configuration from /usr/local/myssl/openssl.cnf

# Generating a 1024 bit RSA private key

# ……++++++

# ……++++++

# writing new private key to '/usr/local/myssl/private/cakey.pem'

# Enter PEM pass phrase：

# Verifying password - Enter PEM pass phrase：

# ——

# You are about to be asked to enter information that will be

# incorporated into your certificate request.

# What you are about to enter is what is called a Distinguished Name

# or a DN.

# There are quite a few fields but you can leave some blank

# For some fields there will be a default value，

# If you enter '.'， the field will be left blank.

# ——

# Country Name （2 letter code） [AU]：CN

# State or Province Name （full name） [Some-State]：ZJ

# Locality Name （eg， city） []：JX

# Organization Name （eg， company） [Internet Widgits Pty Ltd]：Centeur CA

# Organizational Unit Name （eg， section）[] ：HN

# Common Name （eg， YOUR name）[] ：MySQL(和PHP搭配之最佳组合) admin

# Email Address []：lypdarling@gmail.com

；；建立服务端证书

openssl req -new -keyout server-key.pem -out server-req.pem -days 3600 -config openssl.cnf

# Sample output：

# Using configuration from /usr/local/myssl/openssl.cnf

# Generating a 1024 bit RSA private key

# ……++++++

# ……++++++

# writing new private key to '/usr/local/myssl/server-key.pem'

# Enter PEM pass phrase：

# Verifying password - Enter PEM pass phrase：

# ——

# You are about to be asked to enter information that will be

# incorporated into your certificate request.

# What you are about to enter is what is called a Distinguished Name

# or a DN.

# There are quite a few fields but you can leave some blank

# For some fields there will be a default value，

# If you enter '.'， the field will be left blank.

# ——

# Country Name （2 letter code） [AU]：CN

# State or Province Name （full name） [Some-State]：ZJ

# Locality Name （eg， city） []：JX

# Organization Name （eg， company） [Internet Widgits Pty Ltd]：Centeur CA

# Organizational Unit Name （eg， section） []：HN

# Common Name （eg， YOUR name） []：MySQL(和PHP搭配之最佳组合) server

# Email Address []：lypdarling@gmail.com

#

# Please enter the following 'extra' attributes

# to be sent with your certificate request

# A challenge password []：

# An optional company name []：