v8r6-ssl配置简要步骤:
证书使用KingbaseES/Server/share目录证书
服务端配置
- 拷贝服务端需要证书到data目录
cp root.crt server.crt server.key data --data替换为实际路径 - 修改权限为600
chmod 600 root.crt server.crt server.key - kingbase.conf中修改ssl为on
data/kingbase.conf中添加
ssl=on
ssl_ca_file=‘root.crt’
ssl_cert_file=‘server.crt’
ssl_key_file=‘server.key’ - sys_hba.conf中添加hostssl配置
data/sys_hba.conf中ip4修改为
# IPv4 local connections:
hostssl all all 0.0.0.0/0 scram-sha-256 clientcert=1
#host all all 127.0.0.1/32 scram-sha-256
#host all all 0.0.0.0/0 scram-sha-256
- 重启数据库
ksql配置
- 数据库用户家目录创建.kingbase
mkdir .kingbase - 拷贝客户端证书到.kingbase
cp root.crt kingbase8.crt kingbase8.key .kingbase
mv kingbase8.crt kingbase.crt
mv kingbase8.key kingbase.key - 修改权限为600
chmod 600 root.crt kingbase.crt kingbase.key - ksql访问,需带着-h
ksql -h 127.0.0.1 -U system -d test
KStudio配置
- 拷贝证书到目录
cp root.crt kingbase8.crt kingbase8.pk8 /home/kingbase
mv kingbase8.crt kingbase.crt
mv kingbase8.pk8 kingbase.pk8 - 修改权限为600
chmod 600 root.crt kingbase.crt kingbase.pk8 - 打开KStudio,依次选择root.crt kingbase.crt kingbase.pk8
- 查询ssl连接信息
select * from sys_stat_ssl;