Set up SSL
Oleg edited this page May 19, 2017 · 1 revision
The library supports secure connections using SSL. However, the developer is responsible for providing the correct certificates and keys. Note that MySQL 5.7.10 supports specific cipher lists.

To set up SSL, you need to generate the server, client and CA certificates and keys. There are several ways to do that. The simplest is to use `mysql_ssl_rsa_setup`. You can also do it step by step using `openssl`. MySQL Workbench is also a good way to generate certificates and keys quickly.
Instructions to set up a secure connection:
- Create a new directory: `mkdir newcerts && cd newcerts`.
- Generate the certificates and keys: `mysql_ssl_rsa_setup --datadir .`.
- Create a configuration file: `touch my.cnf && open -e my.cnf`.
- Copy and paste the following:

  ```ini
  [client]
  ssl-ca=$DIR/ca.pem
  ssl-cert=$DIR/client-cert.pem
  ssl-key=$DIR/client-key.pem
  [mysqld]
  ssl-ca=$DIR/ca.pem
  ssl-cert=$DIR/server-cert.pem
  ssl-key=$DIR/server-key.pem
  ```

  Instead of `$DIR`, insert the path to the new certificates (the `pwd` command will help you).
- Move the configuration file: `sudo mv my.cnf /etc`.
- Restart the MySQL server. While it is launching you will see the warning `[Warning] CA certificate ... is self signed`. This is expected, because the CA generated by `mysql_ssl_rsa_setup` is self-signed; the server has loaded the certificates and accepts secure connections.
- Now go to the code and create the connection with valid paths to the client certificates:
```objc
// Client key, client certificate and CA certificate generated above.
// cipher:nil means no cipher list is specified.
OHSSLConfig *config = [[OHSSLConfig alloc] initWithKey:@"/Users/oleg/Desktop/newcerts/client-key.pem"
                                              certPath:@"/Users/oleg/Desktop/newcerts/client-cert.pem"
                                          certAuthPath:@"/Users/oleg/Desktop/newcerts/ca.pem"
                                       certAuthPEMPath:@"/Users/oleg/Desktop/newcerts/"
                                                cipher:nil];

// Pass the SSL configuration when creating the user.
OHMySQLUser *user = [[OHMySQLUser alloc] initWithUserName:@"root"
                                                 password:@""
                                                sslConfig:config
                                               serverName:@"localhost"
                                                   dbName:@"ohmysql"
                                                     port:3306
                                                   socket:@"/tmp/mysql.sock"];
```
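A check you can run on the `newcerts` directory after the `mysql_ssl_rsa_setup` step, added here as an example and not part of OHMySQL: it confirms that both certificates chain to `ca.pem`, that each private key matches its certificate, and that the private keys are not accessible to group or others. It assumes `openssl` is installed; the function name `check_mysql_ssl_dir` and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the OHMySQL project). Checks the files written by
# mysql_ssl_rsa_setup: ca.pem and {server,client}-{cert,key}.pem.
# Usage: sh check_ssl.sh /path/to/newcerts   (script name is hypothetical)

check_mysql_ssl_dir() {
    dir=$1
    rc=0
    for f in ca.pem server-cert.pem server-key.pem client-cert.pem client-key.pem; do
        [ -r "$dir/$f" ] || { echo "missing or unreadable: $dir/$f" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    for side in server client; do
        cert=$dir/$side-cert.pem
        key=$dir/$side-key.pem

        # 1. The certificate must chain to the CA that the other side trusts.
        openssl verify -CAfile "$dir/ca.pem" "$cert" >/dev/null 2>&1 ||
            { echo "$cert is not signed by $dir/ca.pem" >&2; rc=1; }

        # 2. The private key must belong to the certificate (same public key).
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "$key does not match $cert" >&2; rc=1
        fi

        # 3. The private key must not be accessible to group or others.
        perms=$(ls -lL "$key" | cut -c5-10)
        [ "$perms" = "------" ] ||
            { echo "$key is accessible to group/others ($perms)" >&2; rc=1; }
    done
    return "$rc"
}

# Run the check only when a directory is given on the command line.
[ "$#" -eq 0 ] || check_mysql_ssl_dir "$1"
```

The function returns 0 only when every check passes, so it can gate the `sudo mv my.cnf /etc` and server restart steps.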