基于SSL的mysql主从复制
基于SSL的mysql主从复制【背景】MySQL的协议是明文的,当复制一些重要数据时。有时需要用到SSL功能,以保证数据的安全性。【准备】准备前期准备一.主从时间一致
[root@node3 support-files]# crontab -e ####主节点 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null [root@node1 CA ]# crontab -e ####从节 */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null三.
[root@node1 CA ]#(umask 077;openssl genrsa -out private/cakey.pem 1024) Generating RSA private key, 1024 bit long modulus ...................++++++ ................++++++ e is 65537 (0x10001)[root@node1 CA ]#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg,your name or your server's hostname) []:cacert Email Address []:admin.stu11.com [root@node1 CA ]# touch index.txt [root@node1 CA ]# echo 01 > serial[root@node1 CA ]# cd /etc/mysql/ssl/ [root@node1 ssl ]# (umask 077;openssl genrsa -out master.key 1024) Generating RSA private key, 1024 bit long modulus ...................................++++++ .............................++++++ e is 65537 (0x10001)[root@node1ssl ]# openssl req -new -key master.key -out master.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:master.crt Email Address[]:admin@stu11.com Please enter thefollowing 'extra' attributes to be sent with your certificate request A challenge password[]: An optional company name []:[root@node1 ssl ]#openssl ca -in master.csr -out master.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Jan 25 07:12:12 2015 GMT Not After : Jan 25 07:12:12 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = master.crt emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 93:50:74:97:39:91:86:5A:1F:C6:2F:6A:87:FB:77:04:7B:70:33:5C X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:12:12 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 ssl ]# ls master.crt master.csr master.key [root@node1 ssl ]# chown -R mysql:mysql * [root@node1 ssl ]#ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:12 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:12 master.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:11 master.csr -rw------- 1 mysql mysql 887 Jan 25 15:09 master.key[root@node3 ssl]# (umask 077;openssl genrsa -out slave.key 1024) Generating RSA private key, 1024 bit long modulus ..........................++++++ .........................++++++ e is 65537 (0x10001)[root@node3 ssl]# openssl req -new -key slave.key -out slave.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:HA Locality Name (eg, city) [Default City]:ZZ Organization Name (eg, company) [Default Company Ltd]:magedu Organizational Unit Name (eg, section) []:14qi Common Name (eg, your name or your server's hostname) []:slave.cert Email Address []:admin@stu11.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:[root@node3 ssl]# scp slave.csr 172.16.249.141:/etc/pki/CA/ [root@node1 CA ]# openssl ca -in slave.csr -out slave.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Jan 25 07:21:11 2015 GMT Not After : Jan 25 07:21:11 2016 GMT Subject: countryName = CN stateOrProvinceName = HA organizationName = magedu organizationalUnitName = 14qi commonName = slave.cert emailAddress = admin@stu11.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: F8:06:AD:F0:1D:8A:78:62:ED:A7:FF:BB:7A:F6:79:14:D4:FB:26:39 X509v3 Authority Key Identifier: keyid:C0:69:22:4E:9A:E5:BD:13:2B:BD:93:7B:0F:99:E6:0F:3A:FA:40:7E Certificate is to be certified until Jan 25 07:21:11 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated [root@node1 CA ]# scp slave.crt 172.16.11.3:/etc/mysql/ssl/ [root@node1 CA ]# scp cacert.pem 172.16.11.3:/etc/mysql/ssl/ [root@node3 ssl]# chown -R mysql:mysql * [root@node3 ssl]# ll total 16 -rw-r--r-- 1 mysql mysql 1013 Jan 25 15:22 cacert.pem -rw-r--r-- 1 mysql mysql 3161 Jan 25 15:21 slave.crt -rw-r--r-- 1 mysql mysql 680 Jan 25 15:19 slave.csr -rw------- 1 mysql mysql 887 Jan 25 15:14 slave.key
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
MySQL: An Introduction to the World's Most Popular Database
Apr 12, 2025 am 12:18 AM
MySQL is an open source relational database management system, mainly used to store and retrieve data quickly and reliably. Its working principle includes client requests, query resolution, execution of queries and return results. Examples of usage include creating tables, inserting and querying data, and advanced features such as JOIN operations. Common errors involve SQL syntax, data types, and permissions, and optimization suggestions include the use of indexes, optimized queries, and partitioning of tables.
MySQL's Place: Databases and Programming
Apr 13, 2025 am 12:18 AM
MySQL's position in databases and programming is very important. It is an open source relational database management system that is widely used in various application scenarios. 1) MySQL provides efficient data storage, organization and retrieval functions, supporting Web, mobile and enterprise-level systems. 2) It uses a client-server architecture, supports multiple storage engines and index optimization. 3) Basic usages include creating tables and inserting data, and advanced usages involve multi-table JOINs and complex queries. 4) Frequently asked questions such as SQL syntax errors and performance issues can be debugged through the EXPLAIN command and slow query log. 5) Performance optimization methods include rational use of indexes, optimized query and use of caches. Best practices include using transactions and PreparedStatemen
Why Use MySQL? Benefits and Advantages
Apr 12, 2025 am 12:17 AM
MySQL is chosen for its performance, reliability, ease of use, and community support. 1.MySQL provides efficient data storage and retrieval functions, supporting multiple data types and advanced query operations. 2. Adopt client-server architecture and multiple storage engines to support transaction and query optimization. 3. Easy to use, supports a variety of operating systems and programming languages. 4. Have strong community support and provide rich resources and solutions.
How to connect to the database of apache
Apr 13, 2025 pm 01:03 PM
Apache connects to a database requires the following steps: Install the database driver. Configure the web.xml file to create a connection pool. Create a JDBC data source and specify the connection settings. Use the JDBC API to access the database from Java code, including getting connections, creating statements, binding parameters, executing queries or updates, and processing results.
How to start mysql by docker
Apr 15, 2025 pm 12:09 PM
The process of starting MySQL in Docker consists of the following steps: Pull the MySQL image to create and start the container, set the root user password, and map the port verification connection Create the database and the user grants all permissions to the database
MySQL's Role: Databases in Web Applications
Apr 17, 2025 am 12:23 AM
The main role of MySQL in web applications is to store and manage data. 1.MySQL efficiently processes user information, product catalogs, transaction records and other data. 2. Through SQL query, developers can extract information from the database to generate dynamic content. 3.MySQL works based on the client-server model to ensure acceptable query speed.
Laravel Introduction Example
Apr 18, 2025 pm 12:45 PM
Laravel is a PHP framework for easy building of web applications. It provides a range of powerful features including: Installation: Install the Laravel CLI globally with Composer and create applications in the project directory. Routing: Define the relationship between the URL and the handler in routes/web.php. View: Create a view in resources/views to render the application's interface. Database Integration: Provides out-of-the-box integration with databases such as MySQL and uses migration to create and modify tables. Model and Controller: The model represents the database entity and the controller processes HTTP requests.
How to install mysql in centos7
Apr 14, 2025 pm 08:30 PM
The key to installing MySQL elegantly is to add the official MySQL repository. The specific steps are as follows: Download the MySQL official GPG key to prevent phishing attacks. Add MySQL repository file: rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm Update yum repository cache: yum update installation MySQL: yum install mysql-server startup MySQL service: systemctl start mysqld set up booting
