MySQL - Setting Up ODBC and SSL

From All n One's bxp software Wixi

Revision as of 14:57, 23 October 2014 by Philip Lacey

Encrypting database traffic is an important security measure, and with SSL we can ensure end-to-end encryption of the connection between the client and the MySQL server.

1 Step 1: Get OpenSSL onto the database server.

OpenSSL is free and can be downloaded from http://www.openssl.org/. Once it is installed, add it to your system PATH variable. This can be done as follows:

  • Right click My Computer
  • Go to Properties
  • Then Advanced system settings
  • Next click Environment Variables
  • Add to the path: C:\OpenSSL-Win64\bin; or similar depending on your system.


2 Step 2: Create the certs

Create a directory on the C drive, such as C:\MySQLSSLCert

Next you will need to open a command window as the administrator of your machine/server. Right click on the command window tool and select "Run as Administrator".

Run the commands as follows, and make absolutely sure the Common Name is different for each certificate (CA, server and client).

openssl genrsa 2048 > "C:/MySQLSSLCert/ca-key.pem"

openssl req -new -x509 -nodes -days 24800 -key "C:/MySQLSSLCert/ca-key.pem" > "C:/MySQLSSLCert/ca-cert.pem"

  • Country Name : IE
  • State or Province Name : Leinster
  • Locality Name: Dublin
  • Organization Name: All n One Limited
  • Organizational Unit Name : BXP
  • Common name: mydomainname.ie
  • Email Address: daniel@mydomainname.ie

openssl req -newkey rsa:2048 -days 24800 -nodes -keyout "C:/MySQLSSLCert/server-key.pem" > "C:/MySQLSSLCert/server-req.pem"

  • Country Name : IE
  • State or Province Name : Leinster
  • Locality Name: Dublin
  • Organization Name: All n One Limited
  • Organizational Unit Name : BXP
  • Common name: myotherdomainname.ie
  • Email Address: daniel@mydomainname.ie
  • A challenge password: password
  • Optional name can be entered: All n One Limited

openssl x509 -req -in "C:/MySQLSSLCert/server-req.pem" -days 24800 -CA "C:/MySQLSSLCert/ca-cert.pem" -CAkey "C:/MySQLSSLCert/ca-key.pem" -set_serial 01 > "C:/MySQLSSLCert/server-cert.pem"

openssl req -newkey rsa:2048 -days 24800 -nodes -keyout "C:/MySQLSSLCert/client-key.pem" > "C:/MySQLSSLCert/client-req.pem"

  • Country Name : IE
  • State or Province Name : Leinster
  • Locality Name: Dublin
  • Organization Name: All n One Limited
  • Organizational Unit Name : BXP
  • Common name: somedomainname.ie
  • Email Address: daniel@mydomainname.ie
  • A challenge password: password
  • Optional name can be entered: All n One Limited

openssl x509 -req -in "C:/MySQLSSLCert/client-req.pem" -days 24800 -CA "C:/MySQLSSLCert/ca-cert.pem" -CAkey "C:/MySQLSSLCert/ca-key.pem" -set_serial 01 > "C:/MySQLSSLCert/client-cert.pem"

The certificates now need to be tested. From the certificate directory, run:

openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem

You should get two successes, one for each certificate.
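The Step 2 sequence as a non-interactive POSIX shell script, as an added example that is not part of the original page: `-subj` replaces the prompts and a temporary directory stands in for C:/MySQLSSLCert. The function names, the 01/02 serials and the subject comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): Step 2 without prompts,
# followed by a distinct-subject check. Function names are hypothetical.

# make_certs DIR CA_CN SERVER_CN CLIENT_CN
make_certs() {
    d=$1
    openssl genrsa -out "$d/ca-key.pem" 2048 2>/dev/null || return 1
    openssl req -new -x509 -nodes -days 24800 -key "$d/ca-key.pem" \
        -subj "/C=IE/O=All n One Limited/CN=$2" -out "$d/ca-cert.pem" || return 1
    n=0
    for role in server client; do
        n=$((n + 1))    # serial 01 for the server, 02 for the client (assumption)
        [ "$role" = server ] && cn=$3 || cn=$4
        openssl req -newkey rsa:2048 -nodes -keyout "$d/$role-key.pem" \
            -subj "/C=IE/O=All n One Limited/CN=$cn" \
            -out "$d/$role-req.pem" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$role-req.pem" -days 24800 \
            -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" -set_serial "0$n" \
            -out "$d/$role-cert.pem" 2>/dev/null || return 1
    done
}

# Print a certificate's subject in one stable, comparable form.
subject_of() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# check_certs DIR: 0 = subjects all differ and both certificates verify,
# 1 = two certificates share a subject, 2 = unreadable file, 3 = verify failed.
check_certs() {
    d=$1
    ca=$(subject_of "$d/ca-cert.pem") || return 2
    srv=$(subject_of "$d/server-cert.pem") || return 2
    cli=$(subject_of "$d/client-cert.pem") || return 2
    if [ "$srv" = "$ca" ] || [ "$cli" = "$ca" ] || [ "$srv" = "$cli" ]; then
        echo "subjects are not distinct: [$ca] [$srv] [$cli]" >&2
        return 1
    fi
    openssl verify -CAfile "$d/ca-cert.pem" \
        "$d/server-cert.pem" "$d/client-cert.pem" >/dev/null 2>&1 || return 3
}

# Demo in a throwaway directory using the page's three sample names.
tmp=$(mktemp -d)
make_certs "$tmp" mydomainname.ie myotherdomainname.ie somedomainname.ie \
    && check_certs "$tmp" && echo "subjects distinct, both certificates verify"
rm -rf "$tmp"
```

Because the other subject fields are identical here, comparing whole subjects is the same as comparing Common Names; the check stops with status 1 before `openssl verify` runs if any two match.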


3 Step 3: Format certs for SSL

The server and client private keys are in the wrong format for MySQL to use them, so they need to be converted.

http://askubuntu.com/questions/194074/enabling-ssl-in-mysql

openssl rsa -in server-key.pem -out server-key.pem

openssl rsa -in client-key.pem -out client-key.pem

Test again and you should get success again.

openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem