建立MySQL的SSL连接通道

核心提示： ；；移除server-key中的passphrase（可选）openssl rsa -in server-key.pem -out server-key.pem；；签署服务端证书openssl ca -policy policy_anything -out server-cert.pem -config openss

；；移除server-key中的passphrase（可选）

openssl rsa -in server-key.pem -out server-key.pem

；；签署服务端证书

openssl ca -policy policy_anything -out server-cert.pem -config openssl.cnf -infiles server-req.pem

# Sample output：

# Using configuration from /usr/local/myssl/openssl.cnf # Enter PEM pass phrase：

# Check that the request matches the signature

# Signature ok

# The Subjects Distinguished Name is as follows

# countryName ：PRINTABLE：'CN'

# organizationName ：PRINTABLE：'Centeur CA'

# commonName ：PRINTABLE：'MySQL(和PHP搭配之最佳组合) admin'

# Certificate is to be certified until May 18 16：05：46 2006 GMT

# （365 days）

# Sign the certificate？ [y/n]：y

#

#

# 1 out of 1 certificate requests certified， commit？ [y/n]y

# Write out database with 1 new entries

# Data Base Updated

；；建立客户端证书

openssl req -new -keyout client-key.pem -out client-req.pem -days 3600 -config openssl.cnf

# Sample output：

# Using configuration from /usr/local/myssl/openssl.cnf

# Generating a 1024 bit RSA private key

# ……++++++

# ……++++++

# writing new private key to '/usr/local/myssl/client-key.pem'

# Enter PEM pass phrase：

# Verifying password - Enter PEM pass phrase：

# ——

# You are about to be asked to enter information that will be

# incorporated into your certificate request.

# What you are about to enter is what is called a Distinguished Name

# or a DN.

# There are quite a few fields but you can leave some blank # For some fields there will be a default value，

# If you enter '.'， the field will be left blank.

# ——# Country Name （2 letter code） [AU]：CN

# State or Province Name （full name） [Some-State]：ZJ

# Locality Name （eg， city） []：JX

# Organization Name （eg， company） [Internet Widgits Pty Ltd]：Centeur CA

# Organizational Unit Name （eg， section） []：HN

# Common Name （eg， YOUR name） []：MySQL(和PHP搭配之最佳组合) user

# Email Address []：lypdarling@gmail.com

#

# Please enter the following 'extra' attributes

# to be sent with your certificate request

# A challenge password []：

# An optional company name []：