Setup for SSL MySQL Enterprise Database Version 8.0.22

Purpose of the Document

Procedure for MySQL Database installation (8.0.22 – Enterprise) and SSL setup on RHEL 8

=====================================================================

MySQL Database Installation – RHEL 8.x – DB Version 8.0.22 – Enterprise Edition

=====================================================================

The procedure below covers installing MySQL Database version 8.0.22 (Enterprise Edition) on RHEL 8.4.

MySQL Server 172.31.17.141

MySQL Client 172.31.25.170

(1) Check the RHEL version with the command below.

[root@mysql-server ~]# cat /etc/redhat-release

Red Hat Enterprise Linux release 8.4 (Ootpa)

(2) Create local group for dba

[root@mysql-server ~]# groupadd -g 1020 dba

(3) Create local user for mysql

[root@mysql-server ~]# useradd -g dba -u 888 -d /home/mysql -m mysql

For example, depending on your environment, you can choose a different home path:

useradd -g dba -u 888 -d /export/home/mysql -m mysql

or

useradd -g dba -u 888 -d /data/mysql -m mysql

or

useradd -g dba -u 888 -d /u01/app/mysql -m mysql

(4) Set the password for the mysql user. The password needs to be set the same as the username (mysql), i.e.:

[root@mysql-server ~]# passwd mysql

(5) Copy the software (RPMs) from the local machine to the server as the mysql user using WinSCP.

(6) After copying the software into the mysql home directory, run the gunzip and tar commands to extract the files.

gunzip <bundle software.gzip>

tar -xvf <filename.tar>

(7) Go to the extracted folder, then install MySQL Database using RPM. Install the RPMs below for MySQL Database 8.0.22.

Dependency packages:

[root@mysql-server RPM]# yum install libaio

[root@mysql-server RPM]# yum install net-tools

[root@mysql-server RPM]# yum install perl

After installing the dependency packages, install the MySQL Server packages in the order below.

[root@mysql-server RPM]# rpm -ivh mysql-commercial-common-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-server RPM]# rpm -ivh mysql-commercial-client-plugins-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-server RPM]# rpm -ivh mysql-commercial-libs-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-server RPM]# rpm -ivh mysql-commercial-client-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-server RPM]# rpm -ivh mysql-commercial-server-8.0.22-1.1.el8.x86_64.rpm

(8) Starting as the root user, run the commands below to create all the metadata tables for the MySQL database.

--> Switch to the mysql user: su - mysql

--> Go to the /usr/sbin folder and run the command below to create the MySQL metadata tables.

[root@mysql-server ~]# su - mysql

Last login: Tue Jul 13 08:27:26 UTC 2021 on pts/0

[mysql@mysql-server ~]$ /usr/sbin/mysqld --initialize

[mysql@mysql-server ~]$ exit

[root@mysql-server ~]# cd /var/lib/mysql

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r-----. 1 mysql dba 50331648 Jul 13 08:38 ib_logfile1

-rw-r-----. 1 mysql dba 8585216 Jul 13 08:38 '#ib_16384_1.dblwr'

drwxr-x---. 2 mysql dba 8192 Jul 13 08:38 performance_schema

-rw-r-----. 1 mysql dba 56 Jul 13 08:38 auto.cnf

-rw-------. 1 mysql dba 1676 Jul 13 08:38 ca-key.pem

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 ca.pem

-rw-------. 1 mysql dba 1676 Jul 13 08:38 server-key.pem

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 server-cert.pem

-rw-------. 1 mysql dba 1680 Jul 13 08:38 client-key.pem

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 client-cert.pem

-rw-r--r--. 1 mysql dba 452 Jul 13 08:38 public_key.pem

-rw-------. 1 mysql dba 1676 Jul 13 08:38 private_key.pem

drwxr-x---. 2 mysql dba 143 Jul 13 08:38 mysql

drwxr-x---. 2 mysql dba 28 Jul 13 08:38 sys

-rw-r-----. 1 mysql dba 5502 Jul 13 08:38 ib_buffer_pool

-rw-r-----. 1 mysql dba 10485760 Jul 13 08:38 undo_001

-rw-r-----. 1 mysql dba 25165824 Jul 13 08:38 mysql.ibd

-rw-r-----. 1 mysql dba 196608 Jul 13 08:38 '#ib_16384_0.dblwr'

-rw-r-----. 1 mysql dba 10485760 Jul 13 08:38 undo_002

-rw-r-----. 1 mysql dba 50331648 Jul 13 08:38 ib_logfile0

-rw-r-----. 1 mysql dba 12582912 Jul 13 08:38 ibdata1

drwxr-x---. 2 mysql dba 6 Jul 13 08:38 '#innodb_temp'

Note: All metadata tables are created automatically under the /var/lib/mysql folder.

(9) Start the MySQL database with the commands below, as the root user, from the command line.

[root@mysql-server ~]# systemctl status mysqld

mysqld.service - MySQL Server

Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)

Active: inactive (dead)

Docs: man:mysqld(8)

http://dev.mysql.com/doc/refman/en/using-systemd.html

[root@mysql-server ~]# systemctl start mysqld

[root@mysql-server ~]# systemctl status mysqld

mysqld.service - MySQL Server

Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2021-07-13 08:39:35 UTC; 2s ago

Docs: man:mysqld(8)

http://dev.mysql.com/doc/refman/en/using-systemd.html

Process: 63120 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)

Main PID: 63143 (mysqld)

Status: "Server is operational"

Tasks: 38 (limit: 4821)

Memory: 405.6M

CGroup: /system.slice/mysqld.service

63143 /usr/sbin/mysqld

Jul 13 08:39:33 mysql-server systemd[1]: Starting MySQL Server...

Jul 13 08:39:35 mysql-server systemd[1]: Started MySQL Server.

(10) There is no need to set the password for the MySQL superuser “root” here. Check the default password of the MySQL superuser with the command below.

[root@mysql-server ~]# grep 'temporary password' /var/log/mysqld.log

2021-07-13T08:38:20.389691Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: xdeoZ#zND3;y

The command above returns the random password that was generated while installing the MySQL database.

(11) Then connect to the MySQL database from the command line as the root user.

[root@mysql-server ~]# mysql -u root -p

Enter password: <give temporary password>

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 8

Server version: 8.0.22-commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select version();

ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

mysql> alter user 'root'@'localhost' identified by 'root'; flush privileges;

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.00 sec)

mysql> exit

Bye

[root@mysql-server ~]# mysql -u root -p

Enter password: < With New Password >

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 10

Server version: 8.0.22-commercial MySQL Enterprise Server – Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select version();

+-------------------+

| version() |

+-------------------+

| 8.0.22-commercial |

+-------------------+

1 row in set (0.00 sec)

--> Run the commands below after connecting to the MySQL database.

mysql> select version();

mysql> show databases;

mysql> use mysql;

mysql> select user,host, authentication_string from user; ==> make sure there are no users that are blank

mysql> grant all on *.* to 'root'@'%' with grant option;

mysql> flush privileges;

mysql> select user,host, authentication_string from user; ==> make sure all the changes you have done are available.

(12) Edit /etc/my.cnf

# These are commonly set, remove the # and set as required.

basedir = /usr

datadir = /var/lib/mysql

port = 3306

server_id = 1

socket = /var/lib/mysql/mysql.sock

(13) Now shut down the database and start it again; log in as root for this.

systemctl start mysqld

systemctl stop mysqld

systemctl restart mysqld

systemctl status mysqld

systemctl {start|stop|restart|status} mysqld

=====================================================================

CA Certificates From MySQL Server Level

=====================================================================

Create a new directory under the data directory folder and create the CA certificate.

First, rename (mv) to _org the SSL certificates that were already generated at the DB level while installing the MySQL database.

[root@mysql-server mysql]# mv server-key.pem server-key.pem_org

[root@mysql-server mysql]# mv server-cert.pem server-cert.pem_org

[root@mysql-server mysql]# mv client-key.pem client-key.pem_org

[root@mysql-server mysql]# mv public_key.pem public_key.pem_org

[root@mysql-server mysql]# mv private_key.pem private_key.pem_org

[root@mysql-server mysql]# mv ca.pem ca.pem_org

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# openssl genrsa 2048 > ca-key.pem

Generating RSA private key, 2048 bit long modulus (2 primes)

.....................................................................

.........+++++

e is 65537 (0x010001)

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

[root@mysql-server SSL_CERT]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

[root@mysql-server mysql]# openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:KA

Locality Name (eg, city) [Default City]:BA

Organization Name (eg, company) [Default Company Ltd]:CTS1

Organizational Unit Name (eg, section) []:CLOUD

Common Name (eg, your name or your server's hostname) []:MyCA

Email Address []:

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem


=====================================================================

Server Certificates - From MySQL Server Level

=====================================================================

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

[root@mysql-server mysql]# openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem

Ignoring -days; not generating a certificate

Generating a RSA private key

....................+++++

...............................+++++

writing new private key to 'server-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:KA

Locality Name (eg, city) [Default City]:BA

Organization Name (eg, company) [Default Company Ltd]:TCS1

Organizational Unit Name (eg, section) []:CLOUD

Common Name (eg, your name or your server's hostname) []:DB_Server

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:root123

An optional company name []:

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server SSL_CERT]# ls -lr

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1708 Jul 13 08:57 server-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-------. 1 root root 1708 Jul 13 08:57 server-key.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

[root@mysql-server mysql]# openssl rsa -in server-key.pem -out server-key.pem

writing RSA key

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

[root@mysql-server mysql]# openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Signature ok

subject=C = IN, ST = KA, L = BA, O = TCS1, OU = CLOUD, CN = DB_Server

Getting CA Private Key

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:02 server-cert.pem


=====================================================================

Client Certificates – From MySQL Server Level

=====================================================================

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem

Ignoring -days; not generating a certificate

Generating a RSA private key

..............+++++

......................................................+++++

writing new private key to 'client-key.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:IN

State or Province Name (full name) []:KA

Locality Name (eg, city) [Default City]:BA

Organization Name (eg, company) [Default Company Ltd]:TCS1

Organizational Unit Name (eg, section) []:CLOUD

Common Name (eg, your name or your server's hostname) []:MyClient

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:root123

An optional company name []:

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:02 server-cert.pem

-rw-------. 1 root root 1704 Jul 13 09:03 client-key.pem

-rw-r--r--. 1 root root 1017 Jul 13 09:04 client-req.pem

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# openssl rsa -in client-key.pem -out client-key.pem

writing RSA key

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:02 server-cert.pem

-rw-r--r--. 1 root root 1017 Jul 13 09:04 client-req.pem

-rw-------. 1 root root 1679 Jul 13 09:05 client-key.pem

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

Signature ok

subject=C = IN, ST = KA, L = BA, O = TCS1, OU = CLOUD, CN = MyClient

Getting CA Private Key

[root@mysql-server mysql]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:02 server-cert.pem

-rw-r--r--. 1 root root 1017 Jul 13 09:04 client-req.pem

-rw-------. 1 root root 1679 Jul 13 09:05 client-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:08 client-cert.pem


=====================================================================

Verification from MySQL Server Level

=====================================================================

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server SSL_CERT]# ls -ltr

-rw-r--r--. 1 root root 1679 Jul 13 08:52 ca-key.pem

-rw-r--r--. 1 root root 1289 Jul 13 08:55 ca.pem

-rw-r--r--. 1 root root 1017 Jul 13 08:58 server-req.pem

-rw-------. 1 root root 1679 Jul 13 08:59 server-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:02 server-cert.pem

-rw-r--r--. 1 root root 1017 Jul 13 09:04 client-req.pem

-rw-------. 1 root root 1679 Jul 13 09:05 client-key.pem

-rw-r--r--. 1 root root 1147 Jul 13 09:08 client-cert.pem

[root@mysql-server SSL_CERT]# openssl verify -CAfile ca.pem server-cert.pem client-cert.pem

server-cert.pem: OK

client-cert.pem: OK

[root@mysql-server mysql]# chown -R mysql server-req.pem server-key.pem server-cert.pem ca.pem ca-key.pem client-req.pem client-key.pem client-cert.pem

[root@mysql-server mysql]# chgrp -R dba server-req.pem server-key.pem server-cert.pem ca.pem ca-key.pem client-req.pem client-key.pem client-cert.pem

Possible issues:

-------------------------

2021-07-13T09:12:50.806812Z 0 [ERROR] [MY-000059] [Server] SSL error: Unable to get private key from '/etc/SSL_CERT/server-key.pem'.

2021-07-13T09:42:41.561073Z 0 [Warning] [MY-011302] [Server] Plugin mysqlx reported: 'Failed at SSL configuration: "SSL context is not usable without certificate and private key"'

Solution:

--------------------------

All SSL certificate paths point to the data directory, so keep the SSL certificates in /var/lib/mysql or in the data directory.

[root@mysql-server mysql]# pwd

/var/lib/mysql

[root@mysql-server mysql]# ls -ltr

-rw-------. 1 mysql dba 1676 Jul 13 08:38 ca-key.pem_org

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 ca.pem_org

-rw-------. 1 mysql dba 1676 Jul 13 08:38 server-key.pem_org

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 server-cert.pem_org

-rw-------. 1 mysql dba 1680 Jul 13 08:38 client-key.pem_org

-rw-r--r--. 1 mysql dba 1112 Jul 13 08:38 client-cert.pem

-rw-r--r--. 1 mysql mysql 452 Jul 13 09:28 public_key.pem_org

-rw-------. 1 mysql mysql 1676 Jul 13 09:28 private_key.pem_org

-rw-r--r--. 1 mysql dba 1017 Jul 13 09:50 server-req.pem

-rw-------. 1 mysql dba 1679 Jul 13 09:50 server-key.pem

-rw-r--r--. 1 mysql dba 1147 Jul 13 09:50 server-cert.pem

-rw-r--r--. 1 mysql dba 1289 Jul 13 09:50 ca.pem

-rw-r--r--. 1 mysql dba 1679 Jul 13 09:50 ca-key.pem

-rw-r--r--. 1 mysql mysql 452 Jul 13 09:51 public_key.pem

-rw-------. 1 mysql mysql 1676 Jul 13 09:51 private_key.pem

We should also set the data directory path for the SSL files in the my.cnf file and restart the mysql service.

=====================================================================

Adding the certificate paths to the my.cnf file and restarting the database from MySQL Server level

=====================================================================

[root@mysql-server ~]# vi /etc/my.cnf

[root@mysql-server ~]# service mysqld status

Redirecting to /bin/systemctl status mysqld.service

mysqld.service - MySQL Server

Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2021-07-13 08:46:59 UTC; 25min ago

Docs: man:mysqld(8)

http://dev.mysql.com/doc/refman/en/using-systemd.html

Process: 63233 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)

Main PID: 63257 (mysqld)

Status: "Server is operational"

Tasks: 38 (limit: 4821)

Memory: 338.1M

CGroup: /system.slice/mysqld.service

63257 /usr/sbin/mysqld

Jul 13 08:46:57 mysql-server systemd[1]: mysqld.service: Succeeded.

Jul 13 08:46:57 mysql-server systemd[1]: Stopped MySQL Server.

Jul 13 08:46:57 mysql-server systemd[1]: Starting MySQL Server...

Jul 13 08:46:59 mysql-server systemd[1]: Started MySQL Server.

[root@mysql-server ~]# service mysqld restart

Redirecting to /bin/systemctl restart mysqld.service

[root@mysql-server ~]# service mysqld status

Redirecting to /bin/systemctl status mysqld.service

mysqld.service - MySQL Server

Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2021-07-13 09:12:50 UTC; 2s ago

Docs: man:mysqld(8)

http://dev.mysql.com/doc/refman/en/using-systemd.html

Process: 63475 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)

Main PID: 63499 (mysqld)

Status: "Server is operational"

Tasks: 38 (limit: 4821)

Memory: 328.6M

CGroup: /system.slice/mysqld.service

63499 /usr/sbin/mysqld

Jul 13 09:12:49 mysql-server systemd[1]: mysqld.service: Succeeded.

Jul 13 09:12:49 mysql-server systemd[1]: Stopped MySQL Server.

Jul 13 09:12:49 mysql-server systemd[1]: Starting MySQL Server...

Jul 13 09:12:50 mysql-server systemd[1]: Started MySQL Server.

[root@mysql-server ~]# cat /etc/my.cnf | grep -i ssl

ssl-ca=/var/lib/mysql/ca.pem

ssl-cert=/var/lib/mysql/server-cert.pem

ssl-key=/var/lib/mysql/server-key.pem
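
One way to check the files named by the ssl-* lines before restarting mysqld, given the "Unable to get private key" error and the 0644 ca-key.pem shown in the listings above. This is an added example, not part of the original procedure; the function names and finding labels are hypothetical, and the sample layout it can build is constructed.

```sh
#!/bin/sh
# Added example: audit the TLS files that my.cnf points mysqld at.
# All function names and finding labels below are hypothetical.

# Print the last value of KEY in my.cnf-style FILE. MySQL accepts both the
# dash and the underscore spelling of an option name, so match either.
cnf_value() {
    key_re=$(printf '%s' "$1" | sed 's/[-_]/[-_]/g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Owner name as shown in the third column of `ls -l`.
file_owner() {
    ls -ld -- "$1" | awk '{print $3}'
}

# Report a private key whose group/other permission bits are not all clear.
# Characters 5-10 of the ls mode string are the group and other bits.
check_key_mode() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "LOOSE_KEY_MODE $1 ($mode)"
    fi
    return 0
}

# Print one finding per line for the ssl-ca / ssl-cert / ssl-key settings.
tls_file_findings() {
    cnf=$1
    owner=$2
    for key in ssl-ca ssl-cert ssl-key; do
        path=$(cnf_value "$key" "$cnf")
        if [ -z "$path" ]; then
            echo "UNSET $key"
        elif [ ! -f "$path" ]; then
            echo "MISSING $key $path"
        elif [ "$(file_owner "$path")" != "$owner" ]; then
            echo "WRONG_OWNER $key $path"
        fi
    done
    key_path=$(cnf_value ssl-key "$cnf")
    if [ -n "$key_path" ] && [ -f "$key_path" ]; then
        check_key_mode "$key_path"
    fi
    # The procedure generates ca-key.pem next to ca.pem, so inspect it too.
    ca_path=$(cnf_value ssl-ca "$cnf")
    if [ -n "$ca_path" ] && [ -f "$(dirname "$ca_path")/ca-key.pem" ]; then
        check_key_mode "$(dirname "$ca_path")/ca-key.pem"
    fi
    return 0
}

# audit_mysql_tls_files CNF [OWNER]: print findings; status 0 clean, 1 otherwise.
audit_mysql_tls_files() {
    out=$(tls_file_findings "$1" "${2:-mysql}")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Build a constructed directory with the file modes from the final listing
# on this page (ca-key.pem 0644, server-key.pem 0600) plus a matching my.cnf.
make_sample_layout() {
    dir=$1
    for name in ca.pem ca-key.pem server-cert.pem server-key.pem; do
        : > "$dir/$name"
    done
    chmod 644 "$dir/ca.pem" "$dir/ca-key.pem" "$dir/server-cert.pem"
    chmod 600 "$dir/server-key.pem"
    printf '[mysqld]\nssl-ca=%s/ca.pem\nssl-cert=%s/server-cert.pem\nssl-key=%s/server-key.pem\n' \
        "$dir" "$dir" "$dir" > "$dir/my.cnf"
}

# Run with --demo to audit the constructed layout instead of a real server.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_layout "$tmp"
    audit_mysql_tls_files "$tmp/my.cnf" "$(file_owner "$tmp")"
    rm -rf "$tmp"
fi
```

On the server itself the call would be audit_mysql_tls_files /etc/my.cnf mysql, run as root so every file can be inspected.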

=====================================================================

Checking the values and variables from MySQL Server level

=====================================================================

[root@mysql-server ~]# mysql -u root -p

Enter password:root

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 10

Server version: 8.0.22-commercial MySQL Enterprise Server – Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status;

--------------

mysql Ver 8.0.22-commercial for Linux on x86_64 (MySQL Enterprise Server - Commercial)

Connection id: 10

Current database:

Current user: root@localhost

SSL: Not in use

Current pager: stdout

Using outfile: ''

Using delimiter: ;

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Protocol version: 10

Connection: Localhost via UNIX socket

Server characterset: utf8mb4

Db characterset: utf8mb4

Client characterset: utf8mb4

Conn. characterset: utf8mb4

UNIX socket: /var/lib/mysql/mysql.sock

Binary data as: Hexadecimal

Uptime: 11 min 10 sec

Threads: 2 Questions: 8 Slow queries: 0 Opens: 132 Flush tables: 3 Open tables: 53 Queries per second avg: 0.011

--------------

mysql> show variables like 'ssl_%';

+---------------+--------------------------------+

| Variable_name | Value |

+---------------+--------------------------------+

| ssl_ca | /var/lib/mysql/ca.pem |

| ssl_capath | |

| ssl_cert | /var/lib/mysql/server-cert.pem |

| ssl_cipher | |

| ssl_crl | |

| ssl_crlpath | |

| ssl_fips_mode | OFF |

| ssl_key | /var/lib/mysql/server-key.pem |

+---------------+--------------------------------+

8 rows in set (0.01 sec)

mysql> show variables like '%CA%';

+----------------------------------------------+---------------------

| Variable_name | Value |

+----------------------------------------------+---------------------

| admin_ssl_ca | |

| admin_ssl_capath | |

| binlog_cache_size | 32768 |

| binlog_stmt_cache_size | 32768 |

| caching_sha2_password_auto_generate_rsa_keys | ON |

| caching_sha2_password_private_key_path | private_key.pem |

| caching_sha2_password_public_key_path | public_key.pem |

| default_authentication_plugin | caching_sha2_password |

| group_concat_max_len | 1024 |

| group_replication_consistency | EVENTUAL |

| have_query_cache | NO |

| host_cache_size | 279 |

| innodb_dedicated_server | OFF |

| innodb_disable_sort_file_cache | OFF |

| innodb_ft_cache_size | 8000000 |

| innodb_ft_result_cache_limit | 2000000000 |

| innodb_ft_total_cache_size | 640000000 |

| innodb_io_capacity | 200 |

| innodb_io_capacity_max | 2000 |

| innodb_lru_scan_depth | 1024 |

| innodb_purge_rseg_truncate_frequency | 128 |

| innodb_replication_delay | 0 |

| innodb_stats_auto_recalc | ON |

| innodb_undo_log_truncate | ON |

| key_cache_age_threshold | 300 |

| key_cache_block_size | 1024 |

| key_cache_division_limit | 100 |

| local_infile | OFF |

| lower_case_file_system | OFF |

| lower_case_table_names | 0 |

| max_binlog_cache_size | 18446744073709547520 |

| max_binlog_stmt_cache_size | 18446744073709547520 |

| mysqlx_ssl_ca | |

| mysqlx_ssl_capath | |

| schema_definition_cache | 256 |

| ssl_ca | /var/lib/mysql/ca.pem |

| ssl_capath | |

| stored_program_cache | 256 |

| stored_program_definition_cache | 256 |

| table_definition_cache | 2000 |

| table_open_cache | 4000 |

| table_open_cache_instances | 16 |

| tablespace_definition_cache | 256 |

| thread_cache_size | 9 |

+----------------------------------------------+---------------------

44 rows in set (0.00 sec)

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';

+---------------+-------------------------------+

| Variable_name | Value |

+---------------+-------------------------------+

| tls_version | TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 |

+---------------+-------------------------------+

1 row in set (0.00 sec)

mysql> SHOW SESSION STATUS LIKE 'Ssl_version';

+---------------+-------+

| Variable_name | Value |

+---------------+-------+

| Ssl_version | |

+---------------+-------+

1 row in set (0.00 sec)

mysql> SHOW GLOBAL VARIABLES LIKE 'have_%ssl';

+---------------+-------+

| Variable_name | Value |

+---------------+-------+

| have_openssl | YES |

| have_ssl | YES |

+---------------+-------+

2 rows in set (0.00 sec)

mysql> SHOW STATUS LIKE 'Ssl_server_not%';

+-----------------------+--------------------------+

| Variable_name | Value |

+-----------------------+--------------------------+

| Ssl_server_not_after | May 22 09:02:32 2031 GMT |

| Ssl_server_not_before | Jul 13 09:02:32 2021 GMT |

+-----------------------+--------------------------+

2 rows in set (0.00 sec)

mysql> SHOW STATUS LIKE 'Ssl_cipher';

+---------------+-------+

| Variable_name | Value |

+---------------+-------+

| Ssl_cipher | |

+---------------+-------+

1 row in set (0.00 sec)

mysql> show variables like '%ssl%';

+-------------------------------------+--------------------------------+

| Variable_name | Value |

+-------------------------------------+------------------------------

| admin_ssl_ca | |

| admin_ssl_capath | |

| admin_ssl_cert | |

| admin_ssl_cipher | |

| admin_ssl_crl | |

| admin_ssl_crlpath | |

| admin_ssl_key | |

| have_openssl | YES |

| have_ssl | YES |

| mysqlx_ssl_ca | |

| mysqlx_ssl_capath | |

| mysqlx_ssl_cert | |

| mysqlx_ssl_cipher | |

| mysqlx_ssl_crl | |

| mysqlx_ssl_crlpath | |

| mysqlx_ssl_key | |

| performance_schema_show_processlist | OFF |

| ssl_ca | /var/lib/mysql/ca.pem |

| ssl_capath | |

| ssl_cert | /var/lib/mysql/server-cert.pem |

| ssl_cipher | |

| ssl_crl | |

| ssl_crlpath | |

| ssl_fips_mode | OFF |

| ssl_key | /var/lib/mysql/server-key.pem |

+-------------------------------------+------------------------------

25 rows in set (0.01 sec)

=====================================================================

Create SSL Users / Non SSL Users from MySQL Server Level

=====================================================================

From the database level, connect to MySQL and create the SSL / non-SSL users using the commands below.

[root@mysql-server ~]# mysql -u root -p

Enter password:root

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 14

Server version: 8.0.22-commercial MySQL Enterprise Server – Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW DATABASES;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| performance_schema |

| sys |

+--------------------+

4 rows in set (0.00 sec)

mysql> CREATE DATABASE ssl_db;

Query OK, 1 row affected (0.01 sec)

mysql> CREATE DATABASE non_ssl_db;

Query OK, 1 row affected (0.01 sec)

mysql> SHOW DATABASES;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| non_ssl_db |

| performance_schema |

| ssl_db |

| sys |

+--------------------+

6 rows in set (0.00 sec)

mysql> select user,host,authentication_string from mysql.user;

+------------------+-----------+-------------------------------------

| user | host | authentication_string |

+------------------+-----------+-------------------------------------

| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| root | localhost | $A$005$]%,Dl'z:}I1%]d5*SC71z.D2YYhfTLkwQ6Q/QQ9ise4DRZKIR1BlJnB6en/2 |

+------------------+-----------+-------------------------------------

4 rows in set (0.00 sec)

mysql> CREATE USER 'test_ssl'@'localhost' IDENTIFIED BY 'test_ssl' REQUIRE SSL;

Query OK, 0 rows affected (0.01 sec)

mysql> CREATE USER 'test_ssl'@'%' IDENTIFIED BY 'test_ssl' REQUIRE SSL;

Query OK, 0 rows affected (0.02 sec)

mysql> CREATE USER 'test_non_ssl'@'%' IDENTIFIED BY 'test_non_ssl';

Query OK, 0 rows affected (0.01 sec)

mysql> CREATE USER 'test_non_ssl'@'localhost' IDENTIFIED BY 'test_non_ssl';

Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON ssl_db.* TO 'test_ssl'@'%';

Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON ssl_db.* TO 'test_ssl'@'localhost';

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON non_ssl_db.* TO 'test_non_ssl'@'%';

Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON non_ssl_db.* TO 'test_non_ssl'@'localhost';

Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from mysql.user;

+------------------+-----------+-------------------------------------

| user | host | authentication_string |

+------------------+-----------+-------------------------------------

| test_non_ssl | % | $A$005$TW/;bc>~4'*#g166lu1c1r304pGF0DurG1JDbZ5WKRoxf.NwqZasrZL.0 |

| test_ssl | % | $A$005$>|u0LQ&2dx1Lfy0wULlyD06nVc8meMzSt5tPVPdyZuEI2DJERjkIW1s5C8 |

| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| mysql.session | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| mysql.sys | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |

| root | localhost | $A$005$]%,Dl'z:}I1%]d5*SC71z.D2YYhfTLkwQ6Q/QQ9ise4DRZKIR1BlJnB6en/2 |

| test_non_ssl | localhost | $A$005$[=`7"MYMg3Ni1A-vF6YNYUzhw7vq4Eoox5n9pku5xu9WhCBEMfnyHRy3v8 |

| test_ssl | localhost | $A$005$TW/;)'=?OJsiQf5XEyeTPW9olL4xcM/WY2NNM9G3HM6vNr./Ceb8 |

+------------------+-----------+------------------------------------------------------------------------+

8 rows in set (0.00 sec)

mysql> SHOW GRANTS for 'test_non_ssl'@'localhost';

+----------------------------------------------------------------------+

| Grants for test_non_ssl@localhost |

+----------------------------------------------------------------------+

| GRANT USAGE ON *.* TO `test_non_ssl`@`localhost` |

| GRANT ALL PRIVILEGES ON `non_ssl_db`.* TO `test_non_ssl`@`localhost` |

+----------------------------------------------------------------------+

2 rows in set (0.00 sec)

mysql> SHOW GRANTS for 'test_non_ssl'@'%';

+--------------------------------------------------------------+

| Grants for test_non_ssl@% |

+--------------------------------------------------------------+

| GRANT USAGE ON *.* TO `test_non_ssl`@`%` |

| GRANT ALL PRIVILEGES ON `non_ssl_db`.* TO `test_non_ssl`@`%` |

+--------------------------------------------------------------+

2 rows in set (0.00 sec)

mysql> SHOW GRANTS for 'test_ssl'@'%';

+------------------------------------------------------+

| Grants for test_ssl@% |

+------------------------------------------------------+

| GRANT USAGE ON *.* TO `test_ssl`@`%` |

| GRANT ALL PRIVILEGES ON `ssl_db`.* TO `test_ssl`@`%` |

+------------------------------------------------------+

2 rows in set (0.00 sec)

mysql> SHOW GRANTS for 'test_ssl'@'localhost';

+--------------------------------------------------------------+

| Grants for test_ssl@localhost |

+--------------------------------------------------------------+

| GRANT USAGE ON *.* TO `test_ssl`@`localhost` |

| GRANT ALL PRIVILEGES ON `ssl_db`.* TO `test_ssl`@`localhost` |

+--------------------------------------------------------------+

2 rows in set (0.00 sec)
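
The SHOW GRANTS output above has the same form for test_ssl and test_non_ssl, so it does not reveal which accounts were created with REQUIRE SSL; that attribute is stored in the ssl_type column of mysql.user. The following added example (not part of the original procedure) flags accounts that can log in from a remote host without TLS. The helper names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MySQL accounts that may connect from a remote host
# without TLS. Input is the tab-separated output of:
#   mysql -N -B -e "SELECT user, host, ssl_type FROM mysql.user"
# ssl_type is empty when the account has no REQUIRE clause and 'ANY'
# when it was created with REQUIRE SSL.

# flag_cleartext_accounts (hypothetical helper): reads rows on stdin and
# prints "user@host" for every account with no TLS requirement whose host
# part is not limited to the local machine.
flag_cleartext_accounts() {
    awk -F '\t' '
        $3 == "" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print $1 "@" $2
        }'
}

# Constructed sample rows mirroring the accounts created on this page.
sample_rows() {
    printf 'test_non_ssl\t%%\t\n'
    printf 'test_ssl\t%%\tANY\n'
    printf 'root\tlocalhost\t\n'
    printf 'test_non_ssl\tlocalhost\t\n'
    printf 'test_ssl\tlocalhost\tANY\n'
}

# With the sample rows this prints only: test_non_ssl@%
sample_rows | flag_cleartext_accounts
```

An account flagged here, such as test_non_ssl@%, can authenticate over TCP without encryption unless the server itself refuses non-TLS connections.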

=====================================================================

Test connection from MySQL Server Level : - DB_Server - Within the server

=====================================================================

[root@mysql-server ~]# hostname

mysql-server

[root@mysql-server ~]# mysql --ssl-ca=/var/lib/mysql/ca.pem --ssl-cert=/var/lib/mysql/client-cert.pem --ssl-key=/var/lib/mysql/client-key.pem -u test_ssl -p

Enter password:test_ssl

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 16

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

You are enforcing ssl connection via unix socket. Please consider switching ssl off as it does not make connection via unix socket any more secure.

mysql> status;

--------------

mysql Ver 8.0.22-commercial for Linux on x86_64 (MySQL Enterprise Server - Commercial)

Connection id: 16

Current database:

Current user: test_ssl@localhost

SSL: Cipher in use is TLS_AES_256_GCM_SHA384

Current pager: stdout

Using outfile: ''

Using delimiter: ;

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Protocol version: 10

Connection: Localhost via UNIX socket

Server characterset: utf8mb4

Db characterset: utf8mb4

Client characterset: utf8mb4

Conn. characterset: utf8mb4

UNIX socket: /var/lib/mysql/mysql.sock

Binary data as: Hexadecimal

Uptime: 1 hour 9 min 25 sec

Threads: 2 Questions: 90 Slow queries: 0 Opens: 220 Flush tables: 3 Open tables: 141 Queries per second avg: 0.021

--------------

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| ssl_db |

+--------------------+

2 rows in set (0.00 sec)

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';

+---------------+-------------------------------+

| Variable_name | Value |

+---------------+-------------------------------+

| tls_version | TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 |

+---------------+-------------------------------+

1 row in set (0.00 sec)

mysql> SHOW SESSION STATUS LIKE 'Ssl_version';

+---------------+---------+

| Variable_name | Value |

+---------------+---------+

| Ssl_version | TLSv1.3 |

+---------------+---------+

1 row in set (0.01 sec)

mysql> SHOW STATUS LIKE 'Ssl_cipher';

+---------------+------------------------+

| Variable_name | Value |

+---------------+------------------------+

| Ssl_cipher | TLS_AES_256_GCM_SHA384 |

+---------------+------------------------+

1 row in set (0.00 sec)

mysql> show processlist;

+----+----------+-----------+------+---------+------+-------+------------------+

| Id | User | Host | db | Command | Time | State | Info |

+----+----------+-----------+------+---------+------+-------+------------------+

| 16 | test_ssl | localhost | NULL | Query | 0 | init | show processlist |

+----+----------+-----------+------+---------+------+-------+------------------+

1 row in set (0.00 sec)

mysql> select user();

+--------------------+

| user() |

+--------------------+

| test_ssl@localhost |

+--------------------+

1 row in set (0.00 sec)

mysql> select database();

+------------+

| database() |

+------------+

| NULL |

+------------+

1 row in set (0.00 sec)

mysql> use ssl_db;

Database changed

mysql> select database();

+------------+

| database() |

+------------+

| ssl_db |

+------------+

1 row in set (0.00 sec)

=====================================================================

Test connection from client to MySQL Database - Client_Host_Name (Client) to DB_Server (Server)

=====================================================================

Install the MySQL client on the client machine

[root@mysql-client RPM]# rpm -ivh mysql-commercial-common-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-client RPM]# rpm -ivh mysql-commercial-client-plugins-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-client RPM]# rpm -ivh mysql-commercial-client-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-client RPM]# rpm -ivh mysql-commercial-libs-8.0.22-1.1.el8.x86_64.rpm

[root@mysql-client RPM]# rpm -qa | grep -i mysql

mysql-commercial-client-8.0.22-1.1.el8.x86_64

mysql-commercial-common-8.0.22-1.1.el8.x86_64

mysql-commercial-libs-8.0.22-1.1.el8.x86_64

mysql-commercial-client-plugins-8.0.22-1.1.el8.x86_64

The client needs these files:

ca.pem

client-cert.pem

client-key.pem

Note: The two ca.pem files (server and client) MUST be the same.

Copy ca.pem, client-cert.pem and client-key.pem to the client machine; the commands below place them in /etc/client_cert.

[root@mysql-client ec2-user]# pwd

/home/ec2-user

[root@mysql-client ec2-user]# ls -ltr

drwxrwxr-x. 2 ec2-user ec2-user 4096 Jul 13 11:06 RPM

-rw-rw-r--. 1 ec2-user ec2-user 1679 Jul 13 11:12 client-key.pem

-rw-rw-r--. 1 ec2-user ec2-user 1147 Jul 13 11:12 client-cert.pem

-rw-rw-r--. 1 ec2-user ec2-user 1289 Jul 13 11:12 ca.pem

[root@mysql-client ec2-user]# cd /etc/

[root@mysql-client etc]# mkdir client_cert

[root@mysql-client etc]# mv /home/ec2-user/client* /etc/client_cert/

[root@mysql-client etc]# mv /home/ec2-user/ca.pem /etc/client_cert/

[root@mysql-client etc]# cd /etc/client_cert/

[root@mysql-client client_cert]# pwd

/etc/client_cert

[root@mysql-client client_cert]# ls -ltr

-rw-rw-r--. 1 ec2-user ec2-user 1679 Jul 13 11:12 client-key.pem

-rw-rw-r--. 1 ec2-user ec2-user 1147 Jul 13 11:12 client-cert.pem

-rw-rw-r--. 1 ec2-user ec2-user 1289 Jul 13 11:12 ca.pem

[root@mysql-client client_cert]# chown root:root client-key.pem client-cert.pem ca.pem

[root@mysql-client client_cert]# pwd

/etc/client_cert

[root@mysql-client client_cert]# ls -ltr

-rw-rw-r--. 1 root root 1679 Jul 13 11:12 client-key.pem

-rw-rw-r--. 1 root root 1147 Jul 13 11:12 client-cert.pem

-rw-rw-r--. 1 root root 1289 Jul 13 11:12 ca.pem
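
In the listing above client-key.pem is still mode -rw-rw-r--, so every local user on the client can read the private key. The following added example (not part of the original procedure) checks the key's mode and, with openssl, that client-cert.pem verifies against ca.pem and matches the key. All function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for a MySQL client certificate directory
# such as /etc/client_cert. All function names are hypothetical.

# key_mode_ok FILE: succeed only if FILE grants nothing to group/other.
# Parses the ls(1) mode string (e.g. -rw-------) to stay portable.
key_mode_ok() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# cert_signed_by_ca CA CERT: succeed if CERT verifies against CA.
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeed if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_client_tls_dir DIR: run every check, print each finding and
# return the number of failed checks (0 means the directory is sane).
audit_client_tls_dir() {
    d=$1
    fails=0
    if ! key_mode_ok "$d/client-key.pem"; then
        echo "FAIL: client-key.pem is accessible to group/other; chmod 600"
        fails=$((fails + 1))
    fi
    if ! cert_signed_by_ca "$d/ca.pem" "$d/client-cert.pem"; then
        echo "FAIL: client-cert.pem does not verify against ca.pem"
        fails=$((fails + 1))
    fi
    if ! key_matches_cert "$d/client-key.pem" "$d/client-cert.pem"; then
        echo "FAIL: client-key.pem does not match client-cert.pem"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against a directory when one is given, e.g. /etc/client_cert.
if [ "$#" -gt 0 ]; then audit_client_tls_dir "$1"; fi
```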

[root@mysql-client ~]# mysql --ssl-ca=/etc/client_cert/ca.pem --ssl-cert=/etc/client_cert/client-cert.pem --ssl-key=/etc/client_cert/client-key.pem -h 172.31.17.141 -u test_ssl -p

Enter password:test_ssl

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 18

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status;

--------------

mysql Ver 8.0.22-commercial for Linux on x86_64 (MySQL Enterprise Server - Commercial)

Connection id: 18

Current database:

Current user: test_ssl@ip-172-31-25-170.ec2.internal

SSL: Cipher in use is TLS_AES_256_GCM_SHA384

Current pager: stdout

Using outfile: ''

Using delimiter: ;

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Protocol version: 10

Connection: 172.31.17.141 via TCP/IP

Server characterset: utf8mb4

Db characterset: utf8mb4

Client characterset: utf8mb4

Conn. characterset: utf8mb4

TCP port: 3306

Binary data as: Hexadecimal

Uptime: 1 hour 31 min 31 sec

Threads: 2 Questions: 110 Slow queries: 0 Opens: 228 Flush tables: 3 Open tables: 149 Queries per second avg: 0.020

--------------

mysql> SHOW SESSION STATUS LIKE 'Ssl_version';

+---------------+---------+

| Variable_name | Value |

+---------------+---------+

| Ssl_version | TLSv1.3 |

+---------------+---------+

1 row in set (0.01 sec)

mysql> SHOW STATUS LIKE 'Ssl_cipher';

+---------------+------------------------+

| Variable_name | Value |

+---------------+------------------------+

| Ssl_cipher | TLS_AES_256_GCM_SHA384 |

+---------------+------------------------+

1 row in set (0.00 sec)

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| ssl_db |

+--------------------+

2 rows in set (0.00 sec)

From the DB server, we can see the above session in the processlist.

mysql> show processlist;

+----+-----------------+-------------------------------------+------+---------+------+------------------------+------------------+

| Id | User | Host | db | Command | Time | State | Info |

+----+-----------------+-------------------------------------+------+---------+------+------------------------+------------------+

| 5 | event_scheduler | localhost | NULL | Daemon | 5617 | Waiting on empty queue | NULL |

| 18 | test_ssl | ip-172-31-25-170.ec2.internal:38440 | NULL | Sleep | 29 | | NULL |

| 19 | root | localhost | NULL | Query | 0 | init | show processlist |

+----+-----------------+-------------------------------------+------+---------+------+------------------------+------------------+

3 rows in set (0.00 sec)

Without SSL Connection :-

Within the DB server :-

-------------------------

[root@mysql-server ~]# mysql -u test_non_ssl -p

Enter password:test_non_ssl

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 22

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status;

--------------

mysql Ver 8.0.22-commercial for Linux on x86_64 (MySQL Enterprise Server - Commercial)

Connection id: 22

Current database:

Current user: test_non_ssl@localhost

SSL: Not in use

Current pager: stdout

Using outfile: ''

Using delimiter: ;

Server version: 8.0.22-commercial MySQL Enterprise Server - Commercial

Protocol version: 10

Connection: Localhost via UNIX socket

Server characterset: utf8mb4

Db characterset: utf8mb4

Client characterset: utf8mb4

Conn. characterset: utf8mb4

UNIX socket: /var/lib/mysql/mysql.sock

Binary data as: Hexadecimal

Uptime: 1 hour 36 min 35 sec

Threads: 2 Questions: 124 Slow queries: 0 Opens: 234 Flush tables: 3 Open tables: 155 Queries per second avg: 0.021

--------------

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| non_ssl_db |

+--------------------+

2 rows in set (0.00 sec)

Here the status output shows no SSL cipher (SSL: Not in use), so this is normal authentication without SSL.

From ODBC, we should be able to connect with the VERIFY-CA option using the ODBC 5.3 drivers.
