Linux下安装支持SSL连接的Mysql

[原创]Linux下安装支持SSL连接的Mysql
文章标题:[原创]Linux下安装支持SSL连接的Mysql顶部 zhouzhen 发布于:2006-01-1111:07 [楼主][原创]Linux下安装支持SSL连接的Mysql
文章作者：zhouzhen[E.S.T]
信息来源：邪恶八进制信息安全团队（https://www.360docs.net/doc/a17150447.html,）


转载请注明出处。

1.安装OpenSSL:
下载OpenSSLVersion0.9.6(https://www.360docs.net/doc/a17150447.html,)

shell>zcat0.96l.tar.gz|tarxvf-
shell>./config
shell>make
shell>makeinstall

2.安装MySQL:
下载MySQLVersion4.0.14Source(mysql-4.0.14.tar.gz)

shell>groupaddmysql
shell>useradd-gmysqlmysql

shell>gunzipshell>cdmysql-VERSION

shell>./configure--prefix=/usr/local/mysql--with–openssl--with-vio
shell>make
shell>makeinstall
shell>cpsupport-files/https://www.360docs.net/doc/a17150447.html,f/etc/https://www.360docs.net/doc/a17150447.html,f
shell>cd/usr/local/mysql
shell>bin/mysql_install_db--user=mysql
shell>chown-Rroot.
shell>chown-Rmysqlvar
shell>chgrp-Rmysql.

shell>bin/mysqld_safe--user=mysql&

3.修改mysql密码及访问权限　(根据需要。可能造成安全问题)

shell>　cd/usr/local/mysql/bin/
shell>　./mysql-uroot–p

mysql>　https://www.360docs.net/doc/a17150447.html,erVALUES('%','root',PASSWORD('1qw23e'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);

4. 生成SSL证书

DIR=`pwd`/openssl
PRIV=$DIR/private

mkdir$DIR$PRIV$DIR/newcerts
cp/usr/share/ssl/https://www.360docs.net/doc/a17150447.html,f$DIR
replace./demoCA$DIR--$DIR/https://www.360docs.net/doc/a17150447.html,f

#Createnecessaryfiles:$database,$serialand$new_certs_dir
#directory(optional)

touch$DIR/index.txt
echo"01">$DIR/serial

#GenerationofCertificateAuthority(CA)
opensslreq-new-x509-keyout$PRIV/cakey.pem-out$DIR/cacert.pem\
-config$DIR/https://www.360docs.net/doc/a17150447.html,f

Note:ifyouwererequestedtoenter"PEMpass",pleaseenterdifferent"PEMpass"inthefollowingsteps.

#Createserverrequestandkey
opensslreq-new-keyout$DIR/server-key.pem-out\
$DIR/server-req.pem-days3600-config$DIR/https://www.360docs.net/doc/a17150447.html,f

#Removethepassphrasefromthekey(optional)
opensslrsa-in$DIR/server-key.pem-out$DIR/server-key.pem

#Signservercert
opensslca-policypolicy_anything-out$DIR/server-cert.pem\
-config$DIR/https://www.360docs.net/doc/a17150447.html,f-infiles$DIR/server-req.pem

#Createclientrequestandkey
opensslreq-new-keyout$DIR/client-key.pem-out\
$DIR/client-req.pem-days3600-config$DIR/https://www.360docs.net/doc/a17150447.html,f

#Removeapassphrasefromthekey(optional)
opensslrsa-in$DIR/client-key.pem-out$DIR/client-key.pem

#Signclientcert
opensslca-policypolicy_anything-out$DIR/client-cert.pem\
-config$DIR/https://www.360docs.net/doc/a17150447.html,f-infiles$DIR/client-req.pem


5. 修改选项文件　/etc/https://www.360docs.net/doc/a17150447.html,f
[client]
ssl-ca=$DIR/cacert.pem
ssl-cert=$DIR/client-cert.pem
ssl-key=$DIR/client-key.pem
[mysqld]
ssl-ca=$DIR/cacert.pe

m
ssl-cert=$DIR/server-cert.pem
ssl-key=$DIR/server-key.pem

6.测试启动mysql
$DIR是选项文件https://www.360docs.net/doc/a17150447.html,f的路径
shell>mysqld--defaults-file=$DIR/https://www.360docs.net/doc/a17150447.html,f&
Theninvokeaclientprogramusingthesameoptionfile:
shell>mysql--defaults-file=$DIR/https://www.360docs.net/doc/a17150447.html,f


执行以下语句，如果返回以下结果，安装完全成功

mysql>SHOWVARIABLESLIKE'have_openssl';
+---------------+-------+
|Variable_name|Value|
+---------------+-------+
|have_openssl|YES |
+---------------+-------+


7.启动MySQL　daemon
/usr/local/libexec/mysqld-umysql&　或者　/usr/local/sbin/mysqld&


PS：国内这方面资料不多。。我也是看mysql帮助和install帮助弄的。希望没有误人子弟。：）


[此贴被sunwear在2006-01-1116:24重新编辑]顶部 xmasfox 发布于:2006-01-1111:10 [1楼]
这样就不能SINFFER到内容拉(c)Copyleft2003-2007,EvilOctalSecurityTeam.
ThisfileisdecompiledbyanunregisteredversionofChmDecompiler.
Regsiteredversiondoesnotshowthismessage.
YoucandownloadChmDecompilerat:https://www.360docs.net/doc/a17150447.html,/