473,848 Members | 1,679 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

MySQL SSL on Windows

I've been tasked by my boss with configuring a MySQL install that we
host for one our partners to support SSL using a commercial
certificate. MySQL is installed on Windows 2000 Server.

1st: I know nothing about MySQL.
2nd: What little documentation I was able to find was very cryptic and
seems written for LINUX.
3rd: I have found reference to the fact that MySQL needs to be
recompiled to support SSL. I have been told that this has been done,
but I am skeptical -- I don't know how to make sure though.
4th: I did find reference in one of the configuration files to SSL
certificate file locations. It seems to be looking for a a client and
CA certificates with a PEM extension. I'm not familiar with that
extension. Do I use Windows certificate services to generate the cert
request and then when I get the cert from Entrust, can I use OpenSSL to
convert it to PEM? Or do I use OpenSSL from the outset to generate the
request. Remember this cert needs to come from a commerical CA.

Does anyone know of step by step walk through for setting up SSL for
MySQL on Windows? This is very hot -- your responses are much
appreciated.

Jason

Jul 12 '06 #1
1 11215
You can check to see if MySQL support openssl by type this on the MySQL
command line:
Show variables like 'have_openssl';

In Linux and BSD systems you can download openssl and build mysql with ssl
support by adding --with-vio and --with-openssl options to the configure
command. In windows though, I think you buy the binary from mysql that has
openssl already built into it.

Anyways, once you have openssl enabled in myssql, each end of a connection
uses 3 files to set up secure communication: a CA certificate, a certificate
file (authenticates one isde of the connection to the other), a key file
(servers public key).

The server cert and key files must be installed first. Once this is done you
can modify your my.cnf file (my.ini in windows) to inlcude entries like
this:
[mysqld]
Ssl-ca=/usr/local/mysql/data/ca-cert.pm
Ssl-cert=/usr/local/mysql/data/server-cert.pem
Ssl-key=/usr/local/mysql/data/server-key.pem

Restart the server and if the paths are good, your server is now ready to
accept encrypted connections; however the clients also need to use secure
connections. In nix os's, what happens is that the same ca-cert file can be
used in the client side also. just copy it to each user's home dir and then
the user's individual my.cnf which is named .my.cnf will include lines like
this:
[mysql]
Ssl-ca=/Users/JohnDoe/ca-cert.pem
Ssl-cert=/Users/JohnDoe/client-cert.pem
Ssl-key=/Users/JohnDoe/client-key.pem

Once that is done. Clients can successfully connect with ssl support
enabled. As you can see, it's not an easy process. The bulk of work is
creating the ssl cert and keys and such. Once you have those, it's just a
matter of referencing them in the configuration file

Hope this helps.
On 7/12/06 09:10, in article
11************* *********@m73g2 00...legr oups.com, "Jason Wilson"
<wi*****@ausrad .comwrote:
I've been tasked by my boss with configuring a MySQL install that we
host for one our partners to support SSL using a commercial
certificate. MySQL is installed on Windows 2000 Server.

1st: I know nothing about MySQL.
2nd: What little documentation I was able to find was very cryptic and
seems written for LINUX.
3rd: I have found reference to the fact that MySQL needs to be
recompiled to support SSL. I have been told that this has been done,
but I am skeptical -- I don't know how to make sure though.
4th: I did find reference in one of the configuration files to SSL
certificate file locations. It seems to be looking for a a client and
CA certificates with a PEM extension. I'm not familiar with that
extension. Do I use Windows certificate services to generate the cert
request and then when I get the cert from Entrust, can I use OpenSSL to
convert it to PEM? Or do I use OpenSSL from the outset to generate the
request. Remember this cert needs to come from a commerical CA.

Does anyone know of step by step walk through for setting up SSL for
MySQL on Windows? This is very hot -- your responses are much
appreciated.

Jason
Jul 12 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
2432
by: user mysql | last post by:
HELLO FRIENDS. HERE A FANTASTIC NEWS FOR MYSQL WINDOWS USER. READE THIS. The article is grab from www/internetnews/com/ DO YOU THINK THAT IS A GOOD NEWS ? ----------------------------------------------------------------------------- Open source database server company MySQL's next production release of its open source MySQL database server will be sporting a new Windows installer, one partially built with an open source project courtesy...
0
2894
by: Stefan Hinz | last post by:
Degan, jumping in to try and solve some problems that look pretty obvious to me ... > #options for default service (mysqld2) > (mysqld2) It should be , not (mysqld2).
0
1844
by: miguel solórzano | last post by:
At 14:47 24/7/2003 +0200, Stefan Hinz wrote: Hi, > > (I think I messed up here. I decided to start from scratch, I removed > > "MySQL Servers and Clients 4.0.13" from the program list (as it appears > > when I run the "setup.exe" it installs MySQL software in Windows) and > > deleted all the folders (which included the old "c:\mysql\" directory > > with mysqld in the \bin folder) before performing the remove > > instructions below. So...
0
1997
by: Gary Broughton | last post by:
Thanks to everybody for all your help and advice. It seems Linux is going to HAVE to be the next step, but while I know sod all about it, I have enlisted the help of a colleague to assist with that side of things. So I shall crack on with that, and subsequently let you know what the outcome is. :-) Thanks again Gary -----Original Message----- From: Nils Valentin
29
2600
by: smorrey | last post by:
I've been thinking on this long and hard, and I can't seem to come up with an answer on it. Why is it almost always assumed the MySQL will be the server for nearly any PHP app? Why is it MySQL and not PostGRES or SQLite? At this point the only reason I can think of is that MySQL has a much more friendly name. But is that really it?
175
11550
by: Sai Hertz And Control Systems | last post by:
Dear all, Their was a huge rore about MySQL recently for something in java functions now theirs one more http://www.mysql.com/doc/en/News-5.0.x.html Does this concern anyone. What I think is PostgreSQL would have less USP's (Uniqe Selling Points
5
3373
by: NewbieSupreme | last post by:
I installed Apache 2.0.58, tested it, got the "working" page. Installed MySQL 5.0.22, and didn't really see how to test that, but there is a mysql process running in the task manager. Ran through the PHP 5.1.4 installation directions, and that seems to work, since I can use phpinfo() and get all the information on a test php page. Then I installed (really just unzipped and placed some files according to the directions) PHPMyAdmin; did...
0
12905
Coldfire
by: Coldfire | last post by:
Since i cannot show the differences in a two-column like table. I am first putting MS SQL Server 2005 and then MySQL 5.x. MS SQL Server 2005 Brief Overview - SQL Server is a full-fledged database system developed specifically for large enterprise databases. All advanced features of a relational database are fully implemented. - Once you purchase the product, you are only limited to the Sybase-derived engine.
6
38543
Atli
by: Atli | last post by:
This is an easy to digest 12 step guide on basics of using MySQL. It's a great refresher for those who need it and it work's great for first time MySQL users. Anyone should be able to get through this without much trouble. Programming knowledge is not required. Index What is SQL? Why MySQL? Installing MySQL. Using the MySQL command line interface
0
9738
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11001
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10664
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
10348
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
7894
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7069
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5735
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4544
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4137
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.