MySQL :: MySQL Shell for VS Code :: D MySQL Shell for VS Code Certificates

MySQL Shell for VS Code / Appendices / MySQL Shell for VS Code Certificates

Appendix D MySQL Shell for VS Code Certificates

In some cases, such as when you install and run MySQL Shell separately, you might be prompted to load the certificates required by MySQL Shell for VS Code. When running MySQL Shell for VS Code with embedded MySQL Shell, the tool manages the required certificates for you.

The certificates are stored:

Linux (see Unix: Set up a certificate for a web server supporting HTTPS running on the localhost)

/home/<user>/.vscode/extensions/oracle.mysql-shell-for-vs-code-<release>-linux-x64/shell/lib/mysqlsh/plugins/gui_plugin/internal/certificates
macOS (see Unix: Set up a certificate for a web server supporting HTTPS running on the localhost)

/home/<user>/.vscode/extensions/oracle.mysql-shell-for-vs-code-<release>/shell/lib/mysqlsh/plugins/gui_plugin/internal/certificates
Windows (see Set up a certificate for a web server on Windows)

C:\Users\<user>\.vscode\extensions\oracle.mysql-shell-for-vs-code-<release>-win32-x64\shell\lib\mysqlsh\plugins\gui_plugin\internal\certificates

There are two certificates:

rootCA.crt
server.crt

Unix: Set up a certificate for a web server supporting HTTPS running on the localhost

To set up a certificate for a web server supporting HTTPS running on the local host:

Generate a rootCA.key with pass phrase, by issuing at the command line.
```
openssl genrsa -des3 -out rootCA.key 2048
```

Generate root SSL certificate rootCA.pem.

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Trust the root SSL certificate.
- On macOS:
  1. Open Keychain Access.
  2. Navigate to Category Certificates.
  3. Select File, and use Import Items to load the rootCA.pem.
  4. Double-click the imported certificate and change the When using this certificate drop-down option to Always Trust in the Trust section.
- On Linux, issue:
```
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain-db rootCA.pem
```

Create a certificate key for the local host using the configuration settings stored in server.csr.cnf.

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )

Create a domain certificate for the local host.

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

Set up a certificate for a web server on Windows

To install root SSL certificate in Windows, use Microsoft Management Console (MMC):

Right-click Start and click Run.
Enter MMC to open Microsoft Management Console.
Select File and click Add/Remove Snap-in.
Click Certificates, and select Add.
In the Certificates snap-in window, select Computer Account, and click Next.
Select Local Computer and click Finish.
Click OK to go back to main MMC console window.
Double-click Certificates (local computer) to expand its view.
Right-click Certificates, located under Trusted Root Certification Authorities, select All Tasks, and click Import.
Complete the wizard to import the chain certificate. Browse to locate the chain certificate to be imported or rootCA.pem file to import.
Select Place all certificates in the following store, and select the Trusted Root Certification Authorities store.
Click Next, and click Finish to complete the wizard.

PREV HOME UP