Documentation Home
MySQL Utilities 1.5
Related Documentation Download this Manual
PDF (US Ltr) - 1.0Mb
PDF (A4) - 1.0Mb
HTML Download (TGZ) - 191.5Kb
HTML Download (Zip) - 201.7Kb

MySQL Utilities 1.5  /  ...  /  Specifying Secure Socket Layer (SSL) Options Specifying Secure Socket Layer (SSL) Options

Security is a big concern and MySQL Utilities is prepared to use a secure connection to MySQL server secure-connections using an encrypted connection with SSL. This section shows you how to use SSL when connecting to MySQL servers from any utility. All of the utilities use the same mechanism for establishing an SSL connection and include the following options.

  • --ssl-ca

    The path to a file that contains a list of trusted SSL CAs.

  • --ssl-cert

    The name of the SSL certificate file to use for establishing a secure connection.

  • --ssl-key

    The name of the SSL key file to use for establishing a secure connection.

  • --ssl

    Specifies if the server connection requires use of SSL. If an encrypted connection cannot be established, the connection attempt fails. Default setting is 0 (SSL not required).

In order to use SSL connections, the MySQL server must be configure using the --ssl-ca --ssl-cert and --ssl-key options with a specific SSL certificate. The --ssl option is used to enforce an SSL option. That is, if an SSL connection cannot be made, do not fall back to a normal connection. This option is not needed unless you want to enforce an SSL connection.


If you are uncertain of how to create the SSL certificates, please following the steps indicated on Creating SSL and RSA Certificates and Keys.

Each utility permits the user to specify the --ssl-ca, --ssl-cert, --ssl-key, and --ssl options to create a SSL connection to a MySQL server. Simply specify the same options used when the server was started.

For example, if we wanted to get the information about a server that supports SSL connections, we first identify the SSL certificate authority (--ssl-ca), SSL certificate (--ssl-cert), and SSL key (--ssl-key). We want the connection to default to a normal connection if an SSL connection cannot be made, thus we omit the --ssl option.

Thus, we use the values from the server SSL configuration with the corresponding options for the utility. The following is an example of the running the serverinfo command with an SSL connection.

shell> mysqlserverinfo --server=root:pass@localhost:3307 \
          --ssl-ca=C:/newcerts/cacert.pem \
          --ssl-cert=C:/newcerts/client-cert.pem \
          --ssl-key=C:/newcerts/client-key.pem \
# Source on localhost: ... connected.
*************************       1. row *************************
                   server: localhost:3307
                  version: 5.6.15
                  datadir: C:\MySQL\instance_3307\
                  basedir: C:\MySQL\mysql-5.6.15-winx64
               plugin_dir: C:\MySQL\mysql-5.6.15-winx64\lib\plugin\
              general_log: OFF
                log_error: C:\MySQL\instance_3307\clone.err
      log_error_file_size: 1569 bytes
           slow_query_log: OFF
1 row.

User Comments
Sign Up Login You must be logged in to post a comment.