Created
January 25, 2019 10:25
How to set up SSL env
docker-compose up -d mysql80X | |
exec inside | |
find /var/lib/mysql -name '*.pem' -ls | |
cd /etc/mysql | |
require_secure_transport = ON | |
restart container | |
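-- Create the test account and schema used to verify encrypted connections.
-- Run these as an administrative user on the MySQL server.

-- Step 1: the account may only connect over TLS.
-- 'password' is a sample value; substitute a strong, unique secret.
-- Host '%' matches any client host; narrow it to the client's address or
-- subnet where that is known.
CREATE USER 'remote_user'@'%' IDENTIFIED BY 'password' REQUIRE SSL;

CREATE DATABASE example;

-- The original statement was missing the closing quote after '%' and did not
-- parse. ALL is scoped to the example schema only; grant a narrower privilege
-- list if the client does not need DDL.
GRANT ALL ON example.* TO 'remote_user'@'%';

-- Step 2: tighten the requirement from "any TLS connection" to "TLS plus a
-- valid client certificate". This replaces the REQUIRE SSL clause set above.
ALTER USER 'remote_user'@'%' REQUIRE X509;

-- FLUSH PRIVILEGES is omitted: CREATE USER, GRANT and ALTER USER take effect
-- immediately; a flush is only needed after editing the grant tables directly.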
mysql -u remote_user -p -h mysql_server_IP --ssl-ca=~/client-ssl/ca.pem --ssl-cert=~/client-ssl/client-cert.pem --ssl-key=~/client-ssl/client-key.pem | |
jdbc:mysql://192.168.99.100:33081/example?useSSL=true&requireSSL=true | |
./mysql.exe -u remote_user -p -h 192.168.99.100 --port=33081 --ssl-ca=/e/__tmp/mysqlssl/ca.pem --ssl-cert=/e/__tmp/mysqlssl/client-cert.pem --ssl-key=/e/__tmp/mysqlssl/client-key.pem
-- optional | |
./keytool.exe -keystore /c/Program\ Files/JetBrains/DataGrip\ 2018.3.2/jre64/lib/security/cacerts -importcert -alias mysqlssl -file /e/__tmp/mysqlssl/ca.pem
./keytool.exe -keystore /c/Program\ Files/JetBrains/DataGrip\ 2018.3.2/jre64/lib/security/cacerts -importcert -alias mysqlssl -file /e/__tmp/mysqlssl/ca.pem -keystore /e/__tmp/mysqlssl/truststore.jks
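JVM options for the Java client (-Djavax.net.debug=all is for troubleshooting only, since it logs the full TLS handshake; TLSv1 is deprecated and current MySQL 8.0 servers no longer accept it, so use TLSv1.2 or later where the server supports it):
-Djavax.net.ssl.trustStore="E:\__tmp\mysqlssl\truststore.jks" -Djavax.net.ssl.trustStorePassword=password -Djavax.net.debug=all -Djavax.net.ssl.keyStore="E:\__tmp\mysqlssl\truststore.jks" -Djavax.net.ssl.keyStorePassword=password -Djdk.tls.client.protocols="TLSv1"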