设为主页 | 加入收藏 | 繁體中文
当前位置:首页 > 新闻中心 > 行业资讯 > 计算机技巧 > Linux

Linux 下安装支持SSL连接的 Mysql

  1. 安装 OpenSSL:
  下载 OpenSSL Version 0.9.6 (www.openssl.org)
  shell> zcat 0.96l.tar.gz | tar xvf -
  shell> ./config
  shell> make
  shell> make install
  2. 安装 MySQL:
  下载 MySQL Version 4.0.14 Source (mysql-4.0.14.tar.gz)
  shell> groupadd mysql
  shell> useradd -g mysql mysql
  shell> gunzip < mysql-VERSION.tar.gz | tar -xvf -
  shell> cd mysql-VERSION
  shell> ./configure --prefix=/usr/local/mysql --with –openssl --with -vio
  shell> make
  shell> make install
  shell> cp support-files/my-medium.cnf /etc/my.cnf
  shell> cd /usr/local/mysql
  shell> bin/mysql_install_db --user=mysql
  shell> chown -R root .
  shell> chown -R mysql var
  shell> chgrp -R mysql .
  shell> bin/mysqld_safe --user=mysql &
  3. 修改mysql暗码及访问权限 (根据需要。大概造成宁静题目)
  shell> cd /usr/local/mysql/bin/
  shell> ./mysql -u root –p
  mysql> INSERT INTO mysql.user VALUES ('%','root', PASSWORD('1qw23e'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
  4.   天生SSL证书
  DIR=`pwd`/openssl
  PRIV=$DIR/private
  mkdir $DIR $PRIV $DIR/newcerts
  cp /usr/share/ssl/openssl.cnf $DIR
  replace ./demoCA $DIR -- $DIR/openssl.cnf
  # Create necessary files: $database, $serial and $new_certs_dir
  # directory (optional)
  touch $DIR/index.txt
  echo "01" > $DIR/serial
  # Generation of Certificate Authority(CA)
  openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \
  -config $DIR/openssl.cnf
  Note : if you were requested to enter "PEM pass", please enter different "PEM pass" in the following steps.
  # Create server request and key
  openssl req -new -keyout $DIR/server-key.pem -out \
  $DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf
  # Remove the passphrase from the key (optional)
  openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem
  # Sign server cert
  openssl ca -policy policy_anything -out $DIR/server-cert.pem \
  -config $DIR/openssl.cnf -infiles $DIR/server-req.pem
  # Create client request and key
  openssl req -new -keyout $DIR/client-key.pem -out \
  $DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf
  # Remove a passphrase from the key (optional)
  openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem
  # Sign client cert
  openssl ca -policy policy_anything -out $DIR/client-cert.pem \
  -config $DIR/openssl.cnf -infiles $DIR/client-req.pem
  5.   修改选项文件 /etc/my.cnf
  [client]
  ssl-ca=$DIR/cacert.pem
  ssl-cert=$DIR/client-cert.pem
  ssl-key=$DIR/client-key.pem
  [mysqld]
  ssl-ca=$DIR/cacert.pem
  ssl-cert=$DIR/server-cert.pem
  ssl-key=$DIR/server-key.pem
  6. 测试启动mysql
  $DIR 是选项文件my.cnf 的途径
  shell> mysqld --defaults-file=$DIR/my.cnf &
  Then invoke a client program using the same option file:
  shell> mysql --defaults-file=$DIR/my.cnf
  执行以下语句,要是返回以下结果,安装完全成功
  mysql> SHOW VARIABLES LIKE 'have_openssl';
  +---------------+-------+
  | Variable_name | Value |
  +---------------+-------+
  | have_openssl | YES   |
  +---------------+-------+
  7. 启动MySQL daemon
  /usr/local/libexec/mysqld -u mysql &  或者 /usr/local/sbin/mysqld &
 


    文章作者: 福州军威计算机技术有限公司
    军威网络是福州最专业的电脑维修公司,专业承接福州电脑维修、上门维修、IT外包、企业电脑包年维护、局域网网络布线、网吧承包等相关维修服务。
    版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处 、作者信息和声明。否则将追究法律责任。

TAG:
评论加载中...
内容:
评论者: 验证码:
  
上一篇: 实现Linux操作系统的自动登录
下一篇: 使用Swatch做Linux日志分析

友情链接