SHARE
TWEET

Untitled

a guest Jan 26th, 2019 94 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Ho to set up SSL env
  2.  
  3. docker-compose up -d mysql80X
  4. exec inside
  5. find /var/lib/mysql -name '*.pem' -ls
  6.  
  7. cd /etc/mysql
  8. require_secure_transport = ON
  9.  
  10. restart container
  11.  
  12. CREATE USER 'remote_user'@'%' IDENTIFIED BY 'password' REQUIRE SSL;
  13. CREATE DATABASE example;
  14. GRANT ALL ON example.* TO 'remote_user'@'%;
  15. FLUSH PRIVILEGES;
  16. ALTER USER 'remote_user'@'%' REQUIRE X509;
  17. FLUSH PRIVILEGES;
  18.  
  19. mysql -u remote_user -p -h mysql_server_IP --ssl-ca=~/client-ssl/ca.pem --ssl-cert=~/client-ssl/client-cert.pem --ssl-key=~/client-ssl/client-key.pem
  20.  
  21. jdbc:mysql://192.168.99.100:33081/example?useSSL=true&requireSSL=true
  22.  
  23. ./mysql.exe -u remote_user -p -h 192.168.99.100 --port=33081 --ssl-ca=/e/__tmp/mysqlssl/ca.pem --ssl-cert=/e/_
  24. _tmp/mysqlssl/client-cert.pem --ssl-key=/e/__tmp/mysqlssl/client-key.pem
  25.  
  26. -- optional
  27. ./keytool.exe -keystore /c/Program\ Files/JetBrains/DataGrip\ 2018.3.2/jre64/lib/security/cacerts -importcert
  28. -alias mysqlssl -file /e/__tmp/mysqlssl/ca.pem
  29.  
  30. ./keytool.exe -keystore /c/Program\ Files/JetBrains/DataGrip\ 2018.3.2/jre64/lib/security/cacerts -importcert
  31. -alias mysqlssl -file /e/__tmp/mysqlssl/ca.pem -keystore /e/__tmp/mysqlssl/truststore.jks
  32.  
  33. -Djavax.net.ssl.trustStore="E:\__tmp\mysqlssl\truststore.jks" -Djavax.net.ssl.trustStorePassword=password -Djavax.net.debug=all -Djavax.net.ssl.keyStore="E:\__tmp\mysqlssl\truststore.jks" -Djavax.net.ssl.keyStorePassword=password -Djdk.tls.client.protocols="TLSv1"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top