Mysql
When I start mysqld with --ssl, MariaDB always shows SSL not in use
- CentOS 7.2.1511
- Linux 3.10.0-123.9.3.el7.x86_64
- MariaDB: 10.1.11
/etc/my.cnf
```
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[mysqld]
ssl
ssl-ca = /root/ca.pem
ssl-cert = /root/server-cert.pem
ssl-key = /root/server-key.pem
bind-address = 0.0.0.0
port = 3306
max_allowed_packet = 16M

[mysqldump]
max_allowed_packet = 16M
```
I started mariadb with the command:

`systemctl start mysql`

Then I logged in to mysql as root. `status` shows `SSL: Not in use`. Then I typed `show variables like '%ssl%';`

I got a table:
```
+---------------------+---------------------------------+
| Variable_name       | Value                           |
+---------------------+---------------------------------+
| have_openssl        | YES                             |
| have_ssl            | DISABLED                        |
| ssl_ca              | /root/ca.pem                    |
| ssl_capath          |                                 |
| ssl_cert            | /root/server-cert.pem           |
| ssl_cipher          |                                 |
| ssl_crl             |                                 |
| ssl_crlpath         |                                 |
| ssl_key             | /root/server-key.pem            |
| version_ssl_library | OpenSSL 1.0.1e-fips 11 Feb 2013 |
+---------------------+---------------------------------+
```
In the end I even tried logging in with ssl, but it obviously failed.

Update

Here are some warning messages from the error log file:
```
[Warning] Failed to setup SSL
[Warning] SSL error: SSL_CTX_set_default_verify_paths failed
[Warning] SSL error: error:0200100D:system library:fopen:Permission denied
[Warning] SSL error: error:2006D002:BIO_new_file:system lib
[warning] SSL error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
```
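MariaDB is not allowed to access files in root's home directory `/root`. Therefore, the CA, certificate and private key files are not readable. The standard location for these files on RHEL is within `/etc/pki`: `/etc/pki/CA`, `/etc/pki/tls/certs` and `/etc/pki/tls/private`. If you copy them there and set appropriate ownership and permissions so that MariaDB can read them, you will find that it works. Alternatively, you can place the certificate and private key files in `/etc/mysql`.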
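
One way to verify the "appropriate ownership and permissions" step before restarting the server, as an added example that is not part of the original answer: it walks every parent directory of a certificate or key file and reports the first one that blocks a given uid/gid, which is the condition behind the `fopen:Permission denied` warning in the log. The function names are constructed for illustration and the service account name `mysql` in the usage comment is an assumption; the script needs GNU `stat` and looks at classic mode bits only, not SELinux, ACLs or systemd sandboxing.

```shell
#!/bin/sh
# Added example: names are constructed, not from the original answer.
# Checks classic mode bits only (GNU stat). Ignores supplementary groups,
# ACLs, SELinux and the root bypass, so pass a non-root uid.
# Usage (assumes the service account is named "mysql"):
#   can_read "$(id -u mysql)" "$(id -g mysql)" /etc/pki/tls/private/server-key.pem

# perm_bits UID GID PATH: print the rwx digit (0-7) that applies to UID/GID.
perm_bits() {
    info=$(stat -L -c '%u %g %a' "$3") || return 1
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; mode=${rest#* }
    mode="000$mode"; mode=${mode#"${mode%???}"}   # keep the last 3 digits
    if [ "$owner" -eq "$1" ]; then echo "${mode%??}"
    elif [ "$group" -eq "$2" ]; then rest=${mode#?}; echo "${rest%?}"
    else echo "${mode#??}"
    fi
}

# can_read UID GID /abs/path: return 0 if every parent directory is
# searchable and the file itself is readable; 1 if blocked; 2 on bad input.
can_read() {
    uid=$1; gid=$2; target=$3
    case $target in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    dir=$(dirname "$target")
    while :; do
        bits=$(perm_bits "$uid" "$gid" "$dir") || return 2
        if [ $((bits & 1)) -eq 0 ]; then
            echo "blocked: no search (x) permission on $dir"
            return 1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    bits=$(perm_bits "$uid" "$gid" "$target") || return 2
    if [ $((bits & 4)) -eq 0 ]; then
        echo "blocked: no read (r) permission on $target"
        return 1
    fi
    echo "ok: $target"
}

# world_readable FILE: return 0 if "other" has read access; a private key
# should fail this test.
world_readable() {
    bits=$(perm_bits -1 -1 "$1") || return 2
    [ $((bits & 4)) -ne 0 ]
}
```
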