Anonymous, bureaucrat, administrator
7,528
edits
Changes
From All n One's bxp software Wixi
no edit summary
*'''Common name: myotherdomainname.ie'''
*Email Address: daniel@mydomainname.ie
*'''A challenge password: password'''
*'''Optional name can be entered: All n One Limited'''
<code>openssl x509 -req -in "C:/MySQLSSLCert/server-req.pem" -days 24800 -CA "C:/MySQLSSLCert/ca-cert.pem" -CAkey "C:/MySQLSSLCert/ca-key.pem" -set_serial 01 > "C:/MySQLSSLCert/server-cert.pem"</code> <code>openssl req -newkey rsa:2048 -days 24800 -nodes -keyout "C:/MySQLSSLCert/client-key.pem" > "C:/MySQLSSLCert/client-req.pem"</code> *Country Name : IE*State or Province Name : Leinster*Locality Name: Dublin*Organization Name: All n One Limited*Organizational Unit Name : BXP*'''Common name: somedomainname.ie'''*Email Address: daniel@mydomainname.ie*'''A challenge password: password'''*'''Optional name can be entered: All n One Limited''' <code>openssl x509 -req -in "C:/MySQLSSLCert/client-req.pem" -days 24800 -CA "C:/MySQLSSLCert/ca-cert.pem" -CAkey "C:/MySQLSSLCert/ca-key.pem" -set_serial 01 > "C:/MySQLSSLCert/client-cert.pem"</code> They now need to be tested.<code>openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem</code> You should get two successes. == Step 3: Format certs for SSL == They're in the wrong format for MySQL to use them, so they need to be converted. http://askubuntu.com/questions/194074/enabling-ssl-in-mysql <code>openssl rsa -in server-key.pem -out server-key.pem </code><code>openssl rsa -in client-key.pem -out client-key.pem</code> Test again and you should get success again.<code>openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem </code>
