Comment 6 for bug 1007164

Raghavendra D Prabhu (raghavendra-prabhu) wrote :

Tested and works fine. (both mysql and PS)

>>mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.27-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant ALL on *.* to 'testuser'@'localhost' identified by 'test' require ssl;
Query OK, 0 rows affected (0.00 sec)

mysql> Bye

>>mysql -u testuser -ptest
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.5.27-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
mysql Ver 14.14 Distrib 5.5.27, for Linux (x86_64) using readline 5.1

Connection id: 6
Current database:
Current user: testuser@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: less -R -i -M -s -j.5 -J -W -z-5
Using outfile: ''
Using delimiter: ;
Server version: 5.5.27-log Source distribution
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 10 min 30 sec

Threads: 1 Questions: 30 Slow queries: 0 Opens: 33 Flush tables: 1 Open tables: 26 Queries per second avg: 0.047
--------------

Generation:

I generated certificates as follows: (thanks to http://serverfault.com/a/399581)

openssl req -x509 -newkey rsa:1024 \
-keyout server-key-enc.pem -out server-cert.pem \
-subj '/DC=com/DC=example/CN=server' -passout pass:qwerty

openssl rsa -in server-key-enc.pem -out server-key.pem \
-passin pass:qwerty -passout pass:

openssl req -x509 -newkey rsa:1024 \
-keyout client-key-enc.pem -out client-cert.pem \
-subj '/DC=com/DC=example/CN=client' -passout pass:qwerty

openssl rsa -in client-key-enc.pem -out client-key.pem \
-passin pass:qwerty -passout pass:

cat server-cert.pem client-cert.pem > ca.pem

with configuration being:

ssl-ca=/qemu/share/certs/ca.pem
ssl-cert=/qemu/share/certs/client-cert.pem
ssl-key=/qemu/share/certs/client-key.pem

under [client]

and

ssl-ca=/qemu/share/certs/ca.pem
ssl-cert=/qemu/share/certs/server-cert.pem
ssl-key=/qemu/share/certs/server-key.pem

under [mysqld]

===============================

The key (as also mentioned in the serverfault link) is to note that the certs are self-signed and to follow the procedure for them (like -x509 to req).
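
Added example, not part of the comment above and not the MySQL project's own tooling: a shell check that rebuilds the self-signed layout described in the comment in a scratch directory and confirms that the concatenated ca.pem is what lets each side validate the other's certificate. The function names are hypothetical, and rsa:2048, -days 30 and -nodes (in place of the separate decrypt step) are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the bug comment): rebuild the self-signed layout in a
# scratch directory and check the trust relationships that ca.pem creates.
# Assumptions: rsa:2048, -days 30 and -nodes are choices made for this example.

make_self_signed() {   # $1 = directory, $2 = name (server or client)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" \
        -subj "/DC=com/DC=example/CN=$2" 2>/dev/null
}

trusted_by() {         # $1 = CA bundle, $2 = certificate to validate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

build_setup() {        # $1 = directory; creates keys, certs and the ca.pem bundle
    make_self_signed "$1" server || return 1
    make_self_signed "$1" client || return 1
    cat "$1/server-cert.pem" "$1/client-cert.pem" > "$1/ca.pem"
}

check_setup() {        # $1 = directory; prints findings, non-zero on any failure
    rc=0
    for who in server client; do
        if trusted_by "$1/ca.pem" "$1/$who-cert.pem"; then
            echo "ok: $who-cert.pem validates against ca.pem"
        else
            echo "FAIL: $who-cert.pem is not trusted by ca.pem"; rc=1
        fi
        if key_matches_cert "$1/$who-key.pem" "$1/$who-cert.pem"; then
            echo "ok: $who-key.pem matches $who-cert.pem"
        else
            echo "FAIL: $who-key.pem does not match $who-cert.pem"; rc=1
        fi
    done
    return $rc
}

dir=$(mktemp -d) && build_setup "$dir" && check_setup "$dir"
# A bundle holding only the server certificate cannot vouch for the client one.
trusted_by "$dir/server-cert.pem" "$dir/client-cert.pem" ||
    echo "ok: client cert rejected when ca.pem lacks its entry"
rm -rf "$dir"
```

Pointing check_setup at an existing certificate directory (one with the same six file names) runs the same checks before the paths go into the [client] and [mysqld] sections.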