Questions And Answers

More Tutorials

MYSQL SSL Connection Setup

Setup for Debian-based systems

(This assumes MySQL has been installed and that sudo is being used.)

Generating a CA and SSL keys

Make sure OpenSSL and libraries are installed:

apt-get -y install openssl
apt-get -y install libssl-dev

Next make and enter a directory for the SSL files:

mkdir /home/ubuntu/mysqlcerts
cd /home/ubuntu/mysqlcerts

To generate keys, create a certificate authority (CA) to sign the keys (self-signed):

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

The values entered at each prompt won't affect the configuration. Next create a key for the server, and sign using the CA from before:

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out

Then create a key for a client:

openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out

To make sure everything was set up correctly, verify the keys:

openssl verify -CAfile ca.pem server-cert.pem client-cert.pem

Adding the keys to MySQL

Open the MySQL configuration file. For example:

vim /etc/mysql/mysql.conf.d/mysqld.cnf

Under the [mysqld] section, add the following options:

ssl-ca = /home/ubuntu/mysqlcerts/ca.pem
ssl-cert = /home/ubuntu/mysqlcerts/server-cert.pem
ssl-key = /home/ubuntu/mysqlcerts/server-key.pem


In this page (written and validated by ) you learned about MYSQL SSL Connection Setup . What's Next? If you are interested in completing MYSQL tutorial, your next topic will be learning about: MYSQL Create New User.

Incorrect info or code snippet? We take very seriously the accuracy of the information provided on our website. We also make sure to test all snippets and examples provided for each section. If you find any incorrect information, please send us an email about the issue:

Share On:

Mockstacks was launched to help beginners learn programming languages; the site is optimized with no Ads as, Ads might slow down the performance. We also don't track any personal information; we also don't collect any kind of data unless the user provided us a corrected information. Almost all examples have been tested. Tutorials, references, and examples are constantly reviewed to avoid errors, but we cannot warrant full correctness of all content. By using, you agree to have read and accepted our terms of use, cookies and privacy policy.