MySQL 5.7
Installation directory: /usr/local/mysql
1. Generate the certificate files
/usr/local/mysql/mysql_ssl_rsa_setup --datadir=/usr/local/mysql/conf
2. Install the certificates
vi /usr/local/mysql/conf/my.cnf
ssl-ca=/usr/local/mysql/conf/ca.pem
ssl-cert=/usr/local/mysql/conf/server-cert.pem
ssl-key=/usr/local/mysql/conf/server-key.pem
3. Verify that it works
mysql -uroot -p --ssl-ca=/usr/local/mysql/conf/ca.pem
mysql> \s;
--------------
mysql Ver 14.14 Distrib 5.7.26, for linux-glibc2.12 (x86_64) using EditLine wrapper
Connection id: 5375
Current database:
Current user: root@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.26 MySQL Community Server (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /usr/local/mysql/mysql.sock
Uptime: 3 days 17 hours 15 min 47 sec
Threads: 7 Questions: 58943 Slow queries: 0 Opens: 527 Flush tables: 1 Open tables: 433 Queries per second avg: 0.183
--------------
The line shown in red in the original post (the "SSL:" line) indicates that SSL is working.
mysql> show variables like '%ssl%';
+---------------+---------------------------------------+
| Variable_name | Value                                 |
+---------------+---------------------------------------+
| have_openssl  | YES                                   |
| have_ssl      | YES                                   |
| ssl_ca        | /usr/local/mysql/conf/ca.pem          |
| ssl_capath    |                                       |
| ssl_cert      | /usr/local/mysql/conf/server-cert.pem |
| ssl_cipher    |                                       |
| ssl_crl       |                                       |
| ssl_crlpath   |                                       |
| ssl_key       | /usr/local/mysql/conf/server-key.pem  |
+---------------+---------------------------------------+
9 rows in set (0.02 sec)
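The rows shown in red in the original post (have_openssl and have_ssl) indicate that SSL connections are enabled.
4. JConnect connection method
-- Generate the JKS files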
keytool -import -alias serverCACert -file ca.pem -keystore ca-keystore
keytool -import -alias client-key -file client-cert.pem -keystore client-keystore
JDBC example:
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

Class.forName("com.mysql.jdbc.Driver");
Properties info = new Properties();
info.put("user","root");
info.put("password","1!Admin");
// Keystore holding the client certificate
info.put("clientCertificateKeyStoreType","JKS");
info.put("clientCertificateKeyStoreUrl","file:///usr/local/mysql/conf/client-keystore");
info.put("clientCertificateKeyStorePassword","123456");
// Truststore holding the CA certificate used to verify the server
info.put("trustCertificateKeyStoreType","JKS");
info.put("trustCertificateKeyStoreUrl","file:///usr/local/mysql/conf/ca-keystore");
info.put("trustCertificateKeyStorePassword","123456");
// useSSL=true enables SSL; verifyServerCertificate=true checks the server certificate against the truststore
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/lesson_test?" +
"useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true" +
"&useSSL=true&verifyServerCertificate=true", info);
System.out.println(con);
c3p0 configuration
<bean id="paygateDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close" lazy-init="true">
    <property name="driverClass" value="com.mysql.jdbc.Driver" />
    <property name="jdbcUrl" value="jdbc:mysql://127.0.0.1/lesson_test?useUnicode=true&amp;characterEncoding=utf-8&amp;useSSL=true&amp;verifyServerCertificate=true"/>
    <property name="properties">
        <props>
            <prop key="user">root</prop>
            <prop key="password">1!Admin</prop>
            <prop key="clientCertificateKeyStoreType">JKS</prop>
            <prop key="clientCertificateKeyStoreUrl">file:///usr/local/mysql/conf/client-keystore</prop>
            <prop key="clientCertificateKeyStorePassword">123456</prop>
            <prop key="trustCertificateKeyStoreType">JKS</prop>
            <prop key="trustCertificateKeyStoreUrl">file:///usr/local/mysql/conf/ca-keystore</prop>
            <prop key="trustCertificateKeyStorePassword">123456</prop>
        </props>
    </property>
</bean>
Druid configuration
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.pool.DruidPooledConnection;

DruidDataSource ds = new DruidDataSource();
ds.setUrl("jdbc:mysql://localhost:3306/lesson_test?useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true&useSSL=true&verifyServerCertificate=true");
ds.setUsername("root");
ds.setPassword("1!Admin");
ds.setDriverClassName("com.mysql.jdbc.Driver");
// Pool timeouts and retry settings
ds.setLoginTimeout(3);
ds.setPhyTimeoutMillis(3000);
ds.setQueryTimeout(25);
ds.setConnectionErrorRetryAttempts(3);
ds.setMaxWait(3000);
// SSL keystore and truststore settings are passed to the driver as connection properties
ds.getConnectProperties().put("clientCertificateKeyStoreType","JKS");
ds.getConnectProperties().put("clientCertificateKeyStoreUrl","file:///usr/local/mysql/conf/client-keystore");
ds.getConnectProperties().put("clientCertificateKeyStorePassword","123456");
ds.getConnectProperties().put("trustCertificateKeyStoreType","JKS");
ds.getConnectProperties().put("trustCertificateKeyStoreUrl","file:///usr/local/mysql/conf/ca-keystore");
ds.getConnectProperties().put("trustCertificateKeyStorePassword","123456");
DruidPooledConnection con = ds.getConnection();
System.out.println(con);
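The examples above only print the connection object, which does not show whether the session is encrypted. The following is an added example, not code from the original post: it repeats the step 3 check from the JDBC side by reading the session's Ssl_cipher status and failing if it is empty, and it sets Connector/J's requireSSL property so the driver does not fall back to plaintext. It assumes the Connector/J 5.1 driver used above is on the classpath; the class name, the env helper and the environment variable names DB_USER, DB_PASSWORD and TRUSTSTORE_PASSWORD are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class VerifyMysqlTls {

    // Hypothetical helper: read a required setting from the environment.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return v;
    }

    // Returns the negotiated cipher; throws if the session is plaintext.
    static String requireEncrypted(Connection con) throws SQLException {
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery("SHOW SESSION STATUS LIKE 'Ssl_cipher'")) {
            String cipher = rs.next() ? rs.getString(2) : null;
            if (cipher == null || cipher.isEmpty()) {
                throw new SQLException("session is not encrypted: Ssl_cipher is empty");
            }
            return cipher;
        }
    }

    public static void main(String[] args) throws SQLException {
        Properties info = new Properties();
        info.setProperty("user", env("DB_USER"));
        info.setProperty("password", env("DB_PASSWORD"));
        info.setProperty("useSSL", "true");
        info.setProperty("requireSSL", "true");               // no plaintext fallback
        info.setProperty("verifyServerCertificate", "true");  // validate against ca-keystore
        info.setProperty("trustCertificateKeyStoreType", "JKS");
        info.setProperty("trustCertificateKeyStoreUrl",
                "file:///usr/local/mysql/conf/ca-keystore");
        info.setProperty("trustCertificateKeyStorePassword", env("TRUSTSTORE_PASSWORD"));

        try (Connection con = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/lesson_test", info)) {
            System.out.println("TLS cipher in use: " + requireEncrypted(con));
        }
    }
}
```

The same requireEncrypted check works on a connection obtained from the c3p0 or Druid pools, since both hand back a java.sql.Connection.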