我已经配置了MySQL
ubuntu 服务器中的 SSL。
show variables like "%ssl%";
+---------------+----------------------------+
| Variable_name | Value |
+---------------+----------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/server-cert.pem |
| ssl_cipher | |
| ssl_key | /etc/mysql/server-key.pem |
+---------------+----------------------------+
PHP 脚本中当前的 PDO 连接是这样的:
try {
$this->_conn = $this->dbh = new PDO('mysql:host=' . DB_SERVER . ';dbname='. DB_NAME, DB_USER, DB_PASS);
$this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Couldn't connect to database. Please try again!");
}
我试图连接添加这个数组。但是,它不起作用。
array(PDO::MYSQL_ATTR_SSL_KEY => '/etc/mysql/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => '/etc/mysql/ca-cert.pem'
);
现在的问题是:如何在安全连接(SSL)下连接 MySQL 数据库?我需要做哪些更改才能添加使其安全?
我通过以下方式生成了客户端和服务器证书:
openssl genrsa -out ca-key.pem 2048;
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem -out ca-cert.pem;
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem -out server-req.pem;
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem;
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem -out client-req.pem;
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem;
错误信息
SQLSTATE[HY000] [2026] SSL 连接错误:无法获取私钥