Let us understand the mysql_ssl_rsa_setup program −
This program creates the SSL certificate and key files and the RSA key-pair files that are required to support secure connections using SSL and secure password exchange using RSA over unencrypted connections, if those files are missing. The mysql_ssl_rsa_setup program can also be used to create new SSL files if the existing ones have expired.
Invoking mysql_ssl_rsa_setup
mysql_ssl_rsa_setup can be invoked as shown below −
shell> mysql_ssl_rsa_setup [options]
Some of the options include --datadir, which specifies where to create the files, and --verbose, which shows the openssl commands that mysql_ssl_rsa_setup executes.
The mysql_ssl_rsa_setup command attempts to create the SSL and RSA files using a default set of file names. It works as shown below −
mysql_ssl_rsa_setup checks for the openssl binary at the locations specified by the PATH environment variable. If openssl is not found, mysql_ssl_rsa_setup doesn’t take any action.
If openssl is present, mysql_ssl_rsa_setup looks for the default SSL and RSA files in the MySQL data directory, which is the directory specified by the --datadir option, or the compiled-in data directory if the --datadir option is not provided.
mysql_ssl_rsa_setup checks the data directory for SSL files with the following names −
ca.pem
server-cert.pem
server-key.pem
If any of the above-mentioned files are present, mysql_ssl_rsa_setup creates no SSL files.
Otherwise, it invokes openssl to create them, along with a few additional files −
ca.pem (It is the self-signed CA certificate)
ca-key.pem (It is the CA private key)
server-cert.pem (It is the server certificate)
server-key.pem (It is the server private key)
client-cert.pem (It is the client certificate)
client-key.pem (It is the client private key)
These files enable secure client connections using SSL.
mysql_ssl_rsa_setup also checks the data directory for RSA files with the names mentioned below −
private_key.pem (It is the private member of private/public key pair)
public_key.pem (It is the public member of private/public key pair)
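The file checks described above can be reproduced read-only to see what mysql_ssl_rsa_setup would do for a given data directory, including the partial case where one checked file exists, so the tool creates nothing and the set stays incomplete. The script below is an added example, not part of mysql_ssl_rsa_setup or the original page; the function names are hypothetical, the 30-day expiry window is an arbitrary choice, and it assumes the RSA pair is skipped under the same any-file-present rule as the SSL files.

```shell
#!/bin/sh
# Added example: read-only audit of a data directory (path is whatever you pass in).
SSL_CHECKED="ca.pem server-cert.pem server-key.pem"   # names the tool looks for
SSL_FULL="ca.pem ca-key.pem server-cert.pem server-key.pem client-cert.pem client-key.pem"
RSA_FULL="private_key.pem public_key.pem"

# count_present DIR FILE... -> prints how many of the named files exist in DIR
count_present() {
    cp_dir=$1; shift
    cp_n=0
    for cp_f in "$@"; do
        if [ -e "$cp_dir/$cp_f" ]; then cp_n=$((cp_n + 1)); fi
    done
    echo "$cp_n"
}

# group_state DIR "CHECKED NAMES" "FULL SET" -> prints one of:
#   create    none of the checked names exist, so the tool would generate the set
#   complete  every file of the full set exists
#   partial   a checked name exists (the tool creates nothing) but files are missing
group_state() {
    gs_dir=$1
    gs_checked=$(count_present "$gs_dir" $2)   # unquoted: split the name list
    gs_full=$(count_present "$gs_dir" $3)
    gs_total=$(set -- $3; echo "$#")
    if [ "$gs_checked" -eq 0 ]; then echo create
    elif [ "$gs_full" -eq "$gs_total" ]; then echo complete
    else echo partial
    fi
}

# audit_datadir DIR -> report both file groups, then certificate expiry (30-day window)
audit_datadir() {
    ad_dir=$1
    echo "SSL files: $(group_state "$ad_dir" "$SSL_CHECKED" "$SSL_FULL")"
    # Assumption: the RSA pair follows the same any-file-present rule as the SSL files.
    echo "RSA files: $(group_state "$ad_dir" "$RSA_FULL" "$RSA_FULL")"
    command -v openssl >/dev/null 2>&1 || { echo "openssl not in PATH"; return 0; }
    for ad_f in ca.pem server-cert.pem client-cert.pem; do
        [ -f "$ad_dir/$ad_f" ] || continue
        if openssl x509 -checkend 2592000 -noout -in "$ad_dir/$ad_f" >/dev/null 2>&1; then
            echo "$ad_f: valid for at least 30 more days"
        else
            echo "$ad_f: expired, expiring within 30 days, or unreadable"
        fi
    done
}

# Run the audit only when a data directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_datadir "$1"; fi
```

A result of partial means the missing files have to be dealt with by hand, since rerunning the tool will not fill the gap.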