Security is a big concern and MySQL Utilities is prepared to use a secure connection to MySQL server secure-connections using an encrypted connection with SSL. This section shows you how to use SSL when connecting to MySQL servers from any utility. All of the utilities use the same mechanism for establishing an SSL connection and include the following options.
The path to a file that contains a list of trusted SSL CAs.
The name of the SSL certificate file to use for establishing a secure connection.
The name of the SSL key file to use for establishing a secure connection.
Specifies if the server connection requires use of SSL. If an encrypted connection cannot be established, the connection attempt fails. Default setting is 0 (SSL not required).
In order to use SSL connections, the MySQL server must be
configure using the
options with a specific SSL certificate. The
--ssl option is used to enforce an SSL
option. That is, if an SSL connection cannot be made, do not
fall back to a normal connection. This option is not needed
unless you want to enforce an SSL connection.
If you are uncertain of how to create the SSL certificates, please following the steps indicated on Creating SSL and RSA Certificates and Keys.
Each utility permits the user to specify the
options to create a SSL connection to a MySQL server. Simply
specify the same options used when the server was started.
For example, if we wanted to get the information about a server
that supports SSL connections, we first identify the SSL
certificate authority (
--ssl-cert), and SSL key
--ssl-key). We want the connection to
default to a normal connection if an SSL connection cannot be
made, thus we omit the
Thus, we use the values from the server SSL configuration with the corresponding options for the utility. The following is an example of the running the serverinfo command with an SSL connection.
shell> mysqlserverinfo --server=root:pass@localhost:3307 \ --ssl-ca=C:/newcerts/cacert.pem \ --ssl-cert=C:/newcerts/client-cert.pem \ --ssl-key=C:/newcerts/client-key.pem \ --format=vertical # Source on localhost: ... connected. ************************* 1. row ************************* server: localhost:3307 config_file: binary_log: binary_log_pos: relay_log: relay_log_pos: version: 5.6.15 datadir: C:\MySQL\instance_3307\ basedir: C:\MySQL\mysql-5.6.15-winx64 plugin_dir: C:\MySQL\mysql-5.6.15-winx64\lib\plugin\ general_log: OFF general_log_file: general_log_file_size: log_error: C:\MySQL\instance_3307\clone.err log_error_file_size: 1569 bytes slow_query_log: OFF slow_query_log_file: slow_query_log_file_size: 1 row. #...done.