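Backing up the database is the top priority in a production environment. Sometimes the database has to be replicated over the network, which means the data must be protected while it is in transit, so SSL-based replication greatly strengthens data security.
II. Preparation
1. Synchronize the time on the master and slave servers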
[root@master CA]
Generating RSA private key, 2048 bit long modulus
..........................................+++
..................+++
e is 65537 (0x10001)
[root@master CA]
[root@master CA]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:sina
Organizational Unit Name (eg, section) []:mysql
Common Name (eg, your name or your server's hostname) []:master.sina.com
Email Address []:
[root@master CA]
[root@master CA]
[root@master ssl]
Generating RSA private key, 2048 bit long modulus
..........+++
............................................................+++
e is 65537 (0x10001)
[root@master ssl]
[root@master ssl]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:sina
Organizational Unit Name (eg, section) []:mysql
Common Name (eg, your name or your server's hostname) []:master.sina.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@master ssl]
[root@master ssl]
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: May 3 13:34:58 2014 GMT
Not After : Apr 9 13:34:58 2114 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = sina
organizationalUnitName = mysql
commonName = master.sina.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
62:EF:37:1D:96:FF:8A:89:47:09:2D:93:74:42:14:BF:8E:AC:51:49
X509v3 Authority Key Identifier:
keyid:6B:73:D6:FE:81:13:2C:0E:EC:61:EE:F7:6F:92:91:6D:82:37:A0:11
Certificate is to be certified until Apr 9 13:34:58 2114 GMT (36500 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@slave ssl]
Generating RSA private key, 2048 bit long modulus
.....................................................+++
........................................+++
e is 65537 (0x10001)
[root@slave ssl]
[root@slave ssl]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:sina
Organizational Unit Name (eg, section) []:mysql
Common Name (eg, your name or your server's hostname) []:slave.sina.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@slave ssl]
[root@slave ssl]
[root@slave ssl]
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: May 3 13:43:28 2014 GMT
Not After : Apr 9 13:43:28 2114 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = sina
organizationalUnitName = mysql
commonName = slave.sina.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
20:CB:55:9C:D0:7A:F0:25:70:AC:84:2B:8E:F4:24:FB:1F:51:48:9D
X509v3 Authority Key Identifier:
keyid:6B:73:D6:FE:81:13:2C:0E:EC:61:EE:F7:6F:92:91:6D:82:37:A0:11
Certificate is to be certified until Apr 9 13:43:28 2114 GMT (36500 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@master ~]
[root@master ~]
[root@master ~]
total 20
-rw-r--r-- 1 mysql mysql 1330 May 3 21:48 cacert.pem
-rw-r--r-- 1 mysql mysql 4465 May 3 21:35 master.crt
-rw-r--r-- 1 mysql mysql 1009 May 3 21:33 master.csr
-rw------- 1 mysql mysql 1675 May 3 21:32 master.key
[root@slave ssl]
[root@slave ssl]
total 20
-rw-r--r-- 1 mysql mysql 1330 May 3 21:49 cacert.pem
-rw-r--r-- 1 mysql mysql 4460 May 3 21:44 slave.crt
-rw-r--r-- 1 mysql mysql 1005 May 3 21:40 slave.csr
-rw------- 1 mysql mysql 1679 May 3 21:38 slave.key
MariaDB [(none)]> show variables like '%ssl%';
+---------------+---------------------------------+
| Variable_name | Value                           |
+---------------+---------------------------------+
| have_openssl  | NO                              |
| have_ssl      | YES                             |
| ssl_ca        | /usr/local/mysql/ssl/cacert.pem |
| ssl_capath    |                                 |
| ssl_cert      | /usr/local/mysql/ssl/master.crt |
| ssl_cipher    |                                 |
| ssl_crl       |                                 |
| ssl_crlpath   |                                 |
| ssl_key       | /usr/local/mysql/ssl/master.key |
+---------------+---------------------------------+
MariaDB [(none)]>
MariaDB [(none)]> grant replication slave,replication client on *.* to 'repluser'@'172.16.%.%' identified by 'repluser' require ssl;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show master status;
+-------------------+----------+--------------+------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-------------------+----------+--------------+------------------+
| master-bin.000002 |      652 |              |                  |
+-------------------+----------+--------------+------------------+
MariaDB [(none)]> show variables like '%ssl%';
+---------------+---------------------------------+
| Variable_name | Value                           |
+---------------+---------------------------------+
| have_openssl  | NO                              |
| have_ssl      | YES                             |
| ssl_ca        | /usr/local/mysql/ssl/cacert.pem |
| ssl_capath    |                                 |
| ssl_cert      | /usr/local/mysql/ssl/slave.crt  |
| ssl_cipher    |                                 |
| ssl_crl       |                                 |
| ssl_crlpath   |                                 |
| ssl_key       | /usr/local/mysql/ssl/slave.key  |
+---------------+---------------------------------+
MariaDB [(none)]> change master to master_host='172.16.7.202',master_user='repluser',master_password='repluser',master_log_file='master-bin.000002',master_log_pos=652,master_ssl=1,master_ssl_ca='/usr/local/mysql/ssl/cacert.pem',master_ssl_cert='/usr/local/mysql/ssl/slave.crt',master_ssl_key='/usr/local/mysql/ssl/slave.key';
Query OK, 0 rows affected (0.06 sec)
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.16.7.202
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: master-bin.000002
Read_Master_Log_Pos: 652
Relay_Log_File: relay.000002
Relay_Log_Pos: 536
Relay_Master_Log_File: master-bin.000002
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 652
Relay_Log_Space: 823
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /usr/local/mysql/ssl/cacert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /usr/local/mysql/ssl/slave.crt
Master_SSL_Cipher:
Master_SSL_Key: /usr/local/mysql/ssl/slave.key
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
Master_SSL_Crl: /usr/local/mysql/ssl/cacert.pem
Master_SSL_Crlpath:
Using_Gtid: No
Gtid_IO_Pos:
1 row in set (0.00 sec)
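An added example (not part of the original post): a Python check that parses `SHOW SLAVE STATUS\G` output like the one above and flags TLS settings that leave the master unauthenticated, such as the `Master_SSL_Verify_Server_Cert: No` shown here. The function names and check IDs are assumptions made for this illustration; the sample text is abridged from the output on this page.

```python
import ipaddress
import re

# Abridged from the SHOW SLAVE STATUS\G output on this page (wrapped lines rejoined).
SAMPLE_STATUS = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.16.7.202
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /usr/local/mysql/ssl/cacert.pem
           Master_SSL_CA_Path:
Master_SSL_Verify_Server_Cert: No
"""

FIELD = re.compile(r"^\s*(\w+):\s*(.*?)\s*$")

def parse_vertical(text):
    """Parse one row of vertical-format output into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)  # the row separator and row-count lines do not match
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_replication_tls(status):
    """Return (check_id, message) findings for the TLS fields of a slave status row."""
    findings = []
    if status.get("Master_SSL_Allowed") != "Yes":
        findings.append(("TLS_OFF", "replication channel is not configured for TLS"))
    if not status.get("Master_SSL_CA_File") and not status.get("Master_SSL_CA_Path"):
        findings.append(("NO_CA", "no CA configured to validate the master certificate"))
    if status.get("Master_SSL_Verify_Server_Cert") != "Yes":
        findings.append(("NO_VERIFY", "master certificate identity is not verified"))
        if is_ip_literal(status.get("Master_Host", "")):
            findings.append(("HOST_IS_IP", "Master_Host is an IP literal; verification matches it against the certificate"))
    return findings

if __name__ == "__main__":
    for check_id, message in audit_replication_tls(parse_vertical(SAMPLE_STATUS)):
        print(f"{check_id}: {message}")
```

For the status shown on this page the check reports `NO_VERIFY` and `HOST_IS_IP`: the channel is encrypted, but the slave connects by IP address while the master's certificate carries the name master.sina.com.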
MariaDB [(none)]> create database hlbrc;
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| hlbrc              |
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+