PDF (A4) - 41.5Mb
Man Pages (TGZ) - 272.3Kb
Man Pages (Zip) - 378.2Kb
Info (Gzip) - 4.1Mb
Info (Zip) - 4.1Mb
This section describes how to use theopenssl command to set up the RSA key files that enable MySQL to support secure password exchange over unencrypted connections for accounts authenticated by thesha256_password (deprecated) andcaching_sha2_password plugins.
An easier alternative to generating the files required for SSL than the procedure described here is to let the server autogenerate them; seeSection 8.3.3.1, “Creating SSL and RSA Certificates and Keys using MySQL”.
To create the RSA private and public key-pair files, run these commands while logged into the system account used to run the MySQL server so that the files are owned by that account:
openssl genrsa -out private_key.pem 2048openssl rsa -in private_key.pem -pubout -out public_key.pemThose commands create 2,048-bit keys. To create stronger keys, use a larger value.
Then set the access modes for the key files. The private key should be readable only by the server, whereas the public key can be freely distributed to client users:
chmod 400 private_key.pemchmod 444 public_key.pemPDF (A4) - 41.5Mb
Man Pages (TGZ) - 272.3Kb
Man Pages (Zip) - 378.2Kb
Info (Gzip) - 4.1Mb
Info (Zip) - 4.1Mb