Comments on How to Enable SSL and Remote Connections for MySQL on CentOS 7

In this tutorial, I will show you step by step how to configure MySQL securely for remote connections with SSL. MySQL is an open source relational database system that works on many operating systems including Windows, Linux, macOS and FreeBSD. It is probably the most popular open source RDBMS and a central component of the LAMP and LEMP stacks.

Comments

By: William

Excellent article, well explained and easy to follow. As a contribution, just mention that in step 2 and step 5, it's not necessary to FLUSH PRIVILEGES after changing (ALTER USER) the user's password or creating the new user (CREATE USER and GRANT). See section 6.2.6 of the manual, "When Privilege Changes Take Effect", and "Stop using FLUSH PRIVILEGES". Thanks and best regards.

By: Rodrigo

Hi, this is one of the best procedures I have ever read. Unfortunately, I had an issue on the pasting part (server certificates): the service started in safe mode or failed to start. Is it because I'm using version 5.6?

By: coddybrj

openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

I need to know what this -days 3600 does. Is it related to the expiration of the certs? Please advise.

By: till

Yes, that's the expiration period.

By: reddy

Hi, 

Nice article. Very well written. I have tried implementing this, but when it comes to step 5 "require_secure_transport = ON" MySQL won't turn back on and it throws an error 2019-01-04 11:33:53 28485 [ERROR] /usr/sbin/mysqld: unknown variable 'require_secure_transport=ON'. MySQL version 5.6.42. Is it because I am using 5.6?

By: Kris

Note:

The CA certificate info must be different from the client and server info.

^^^ This information would be more useful BEFORE the steps to create all the certificates!!!!

By: watzefok

Thanks for sharing !

By: Ivan

Thanks for the article !

I followed it on an Ubuntu 20.04 box. I had some trouble getting "have_openssl" and "have_ssl" set to "YES"... It turned out that it was AppArmor which was preventing mysql from accessing the certificates and keys in the /etc/certs directory. I had to move this directory under /etc/mysql. Then it worked!

By: Adam Mulla

Hi,

Thanks for your article. This is working in MySQL 8.0.19.

We use days 3600, which is 10 years. What will be the steps if I need to renew, or do I need to set it on a permanent basis?

Thanks.
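The points raised in the comments above (the `-days 3600` validity period, checking when a certificate needs renewing, and the rule that the CA subject must differ from the server and client subjects) can be checked with `openssl` alone. This is an added example, not part of the original article or comments; the CN values, file prefixes, serial numbers and helper function names are assumptions made up for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA and certificates in a temp dir (all names are constructed).
set -eu
WORK=$(mktemp -d)

# CA created with the command quoted in the comments above, plus a fixed subject.
make_ca() {  # $1 = validity in days
  openssl genrsa -out "$WORK/ca-key.pem" 2048 2>/dev/null
  openssl req -new -x509 -nodes -days "$1" -key "$WORK/ca-key.pem" \
    -subj "/CN=Example-MySQL-CA" -out "$WORK/ca.pem"
}

# Key + CSR + CA-signed certificate. $1 = file prefix, $2 = CN, $3 = days, $4 = serial
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/$1-key.pem" \
    -subj "/CN=$2" -out "$WORK/$1-req.pem" 2>/dev/null
  openssl x509 -req -in "$WORK/$1-req.pem" -days "$3" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca-key.pem" -set_serial "$4" -out "$WORK/$1-cert.pem" 2>/dev/null
}

# Print one DN (subject or issuer) of a certificate in a stable format.
dn() { openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*=//'; }

# True when the certificate's subject is not the same DN as its issuer (the CA).
subject_differs_from_ca() { [ "$(dn "$1" subject)" != "$(dn "$1" issuer)" ]; }

# True when the certificate chains to the given CA file.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when the certificate is still valid $2 days from now (renewal check).
valid_in_days() { openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

make_ca 3600
make_leaf server db.example.test 3600 01
make_leaf clash Example-MySQL-CA 3600 02   # same DN as the CA: the mistake to catch

for c in server clash; do
  if subject_differs_from_ca "$WORK/$c-cert.pem"; then s=distinct; else s=SAME-AS-CA; fi
  end=$(openssl x509 -in "$WORK/$c-cert.pem" -noout -enddate | cut -d= -f2)
  echo "$c: subject $s, expires $end"
done
```

Running `valid_in_days` from a scheduled job with a threshold such as 30 days gives advance notice before a certificate lapses.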

By: kikilia

Hello,

I followed this tutorial and it worked successfully, but the problem is that it doesn't work with a PHP script:

<?php
// Show all errors while debugging the connection.
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '5');
error_reporting (E_ALL|E_STRICT);

$db = mysqli_init();
// Ask the client to verify the server certificate.
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
// Client key, client certificate and CA certificate, in that order.
$db->ssl_set('config/client-key.pem', 'config/client-cert.pem' , 'config/ca.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'motdepasse', 'db', 52000, NULL,  MYSQLI_CLIENT_SSL);

if (!$link)
{
    die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
    $res = $db->query('SHOW TABLES;');
    print_r ($res);
    $db->close();
}

By: Omid

Hi Muhammad,

What is the name of your monitoring MySQL?