1. Generate self signed client-key and client pem and server-cert and server.pem

1. 1. Generate self signed client-key and client pem and server-cert and server.pem files
2. openssl genrsa 2048 > ca-key.pem
3. openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
4. openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
5. openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
6. openssl rsa -in server-key.pem -out server-key.pem
7. openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
8. openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
9. openssl rsa -in client-key.pem -out client-key.pem
10.  
11. 2. copy all the pem files in mysql path
12. sudo cp ca-cert.pem server-cert.pem server-key.pem client-cert.pem client-key.pem /etc/mysql
13.  
14. 3.add this under [client] section of my.conf section:
15. ssl-ca=/etc/mysql/ca-cert.pem
16. ssl-cert=/etc/mysql/client-cert.pem
17. ssl-key=/etc/mysql/client-key.pem
18.  
19. 4.Uncomment the following lines
20. ssl=1
21. ssl-ca=/etc/mysql/ca-cert.pem
22. ssl-cert=/etc/mysql/server-cert.pem
23. ssl-key=/etc/mysql/server-key.pem
24.  
25. 5.restart mysql
26. sudo service mysql restart
27.  
28.  
29. 6.in config/database.yml
30. in default write
31. sslkey: /etc/mysql/client-key.pem
32. sslcert: /etc/mysql/client-cert.pem
33. sslca: /etc/mysql/ca-cert.pem
34. sslcapath: /etc/mysql
35.  
36. GRANT ALL PRIVILEGES TO 'root'@'%' REQUIRE SSL;
37. UPDATE mysql.user SET password=PASSWORD('root') WHERE User='root' AND Host='%';
38. FLUSH PRIVILEGES;