建立MySQL的SSL连接通道

核心提示： ；；移除client-key中的passphrase（可选）openssl rsa -in client-key.pem -out client-key.pem；；签署客户端证书openssl ca -policy policy_anything -out client-cert.pem -config openss

；；移除client-key中的passphrase（可选）

openssl rsa -in client-key.pem -out client-key.pem

；；签署客户端证书

openssl ca -policy policy_anything -out client-cert.pem -config openssl.cnf -infiles client-req.pem

# Sample output：

# Using configuration from /usr/local/myssl/openssl.cnf

# Enter PEM pass phrase：

# Check that the request matches the signature

# Signature ok

# The Subjects Distinguished Name is as follows

# countryName ：PRINTABLE：'CN'

# organizationName ：PRINTABLE：'Centeur CA'

# commonName ：PRINTABLE：'MySQL(和PHP搭配之最佳组合) user'

# Certificate is to be certified until May 18 16：08：20 2006 GMT

# （365 days）

# Sign the certificate？ [y/n]：y

#

#

# 1 out of 1 certificate requests certified， commit？ [y/n]y

# Write out database with 1 new entries

# Data Base Updated

修改/etc/my.cnf，添加如下内容：

[client]

ssl-ca=/usr/local/myssl/cacert.pem

ssl-cert=/usr/local/myssl/client-cert.pem

ssl-key=/usr/local/myssl/client-key.pem

[MySQL(和PHP搭配之最佳组合)d]

ssl-ca=/usr/local/myssl/cacert.pem

ssl-cert=/usr/local/myssl/server-cert.pem

ssl-key=/usr/local/myssl/server-key.pem

重启MySQL(和PHP搭配之最佳组合)服务

/usr/local/etc/rc.d/MySQL(和PHP搭配之最佳组合)-server restart