与5.7使用 mysql_ssl_rsa_setup 自动生成秘匙不同,5.6需要通过openssl命令来生成秘匙
创建一个 certs 文件用于放秘匙
我放在了datadir目录下 mkdir certs && cd certs
首先生成所需 key
CA
「主要命令」openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem小提示:CA的Country Name要与server/client的Country Name不同,否则 Verify这步会出现错误,出现类似 error 18 at 0 depth lookup:self signed certificate的错误
[[email protected] certs]# openssl genrsa 2048 > ca-key.pem
Generating RSA private key, 2048 bit long modulus
......................................................+++
........+++
e is 65537 (0x10001)
[[email protected] certs]# openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.