List: Replication
From: Truls Bergskaug
Date: July 29 2011 3:31pm
Subject: SV: SV: Using ssl with replication

And you know that the master understands the ssl config you have:
http://dev.mysql.com/doc/refman/5.5/en/secure-using-ssl.html

Truls
________________________________________
From: Fabrice MAHTIEU [mysql@stripped]
Sent: 29 July 2011 16:58
To: Truls Bergskaug
Subject: Re: SV: Using ssl with replication

Hello,

   SSL is set up in the my.cnf file:
[mysqld]
port            = 3306
socket          = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M

ssl-ca=CAMysql.crt
ssl-cert=Mysqld.crt
ssl-key=Mysqld.key

log-bin=mysql-bin

binlog_format=mixed

server-id       = 1


And I created this user for replication with this SQL command:
GRANT REPLICATION SLAVE ON *.* TO 'toto'@'haha' IDENTIFIED BY 'titi;'
REQUIRE SUBJECT '/C=FR/ST=Midi-Pyrenees/O=un truc/OU=Databases Manager/CN=backup.bidule.org/emailAddress=databases@stripped'
AND ISSUER '/C=FR/ST=Midi-Pyrenees/L=tyty/O=un truc/OU=Databases Manager/CN=databases.bidule.org/emailAddress=databases@stripped'
AND CIPHER 'EDH-RSA-DES-CBC3-SHA';

Best regards,




On 29/07/2011 16:49, Truls Bergskaug wrote:
> How is the setup on the master? MySQL requires SSL setup on the master also.
>
> Truls
> ________________________________________
> From: Fabrice MAHTIEU [mysql@stripped]
> Sent: 28 July 2011 17:06
> To: replication@stripped
> Subject: Using ssl with replication
>
> Hello,
>
>    I would like to get replication communication encrypted between the master
> and slave, so I have read this manual chapter =>
> http://dev.mysql.com/doc/refman/5.5/en/replication-solutions-ssl.html
>    Replication without SSL works.
>
>    It seems there are two methods, one with all SSL options as parameters
> to the "CHANGE MASTER TO" SQL command and the second with SSL parameters in
> the "client" section of the my.cnf config file.
>
>     The first one also works (so the crt and key files are good and can be
> read by the mysql process), but the second one doesn't.
>
>     I have used this SQL command :
> CHANGE MASTER TO MASTER_HOST='tata.com', MASTER_USER='toto',
> MASTER_PASSWORD='titi', MASTER_LOG_FILE='mysql-bin.000019',
> MASTER_LOG_POS=1195, MASTER_SSL=1;
>
>     and have the client section of the my.cnf file configured like this:
> [client]
> port            = 3306
> socket          = /tmp/mysql.sock
> ssl-ca=CAMysql.crt
> ssl-cert=BackupMysql.crt
> ssl-key=BackupMysql.key
>
> The error code is 1045.
> I have made a capture with Wireshark; the slave tries to connect in
> clear text and authenticates with a clear username/password, like any
> unencrypted connection.
> I don't know where to look for more information.
>
> Both MySQL servers are version 5.5 on FreeBSD 8.2 i386.
>
> Is this method deprecated? Or is the documentation not up to date?
>
> Best regards,
>
>
>
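
The first method described in the quoted message (all SSL options passed to CHANGE MASTER TO), written out with checks for both sides, as an added example that is not part of the original thread. Host, user, password, log coordinates, certificate file names and cipher are the values quoted above; the `/path/to/` directory is a placeholder.

```sql
-- On the slave: point the I/O thread at the master with explicit SSL material.
STOP SLAVE;

CHANGE MASTER TO
  MASTER_HOST='tata.com',
  MASTER_USER='toto',
  MASTER_PASSWORD='titi',
  MASTER_LOG_FILE='mysql-bin.000019',
  MASTER_LOG_POS=1195,
  MASTER_SSL=1,
  MASTER_SSL_CA='/path/to/CAMysql.crt',        -- placeholder directory
  MASTER_SSL_CERT='/path/to/BackupMysql.crt',  -- slave certificate from the thread
  MASTER_SSL_KEY='/path/to/BackupMysql.key',
  MASTER_SSL_CIPHER='EDH-RSA-DES-CBC3-SHA';    -- same cipher as REQUIRE CIPHER on the account

START SLAVE;

-- On the slave: check what the I/O thread is configured with and whether it connected.
-- Expect Master_SSL_Allowed: Yes, the three Master_SSL_* file fields filled in,
-- Slave_IO_Running: Yes and Last_IO_Errno: 0.
SHOW SLAVE STATUS\G

-- On the master: confirm the server loaded its own ssl-ca/ssl-cert/ssl-key.
-- YES means SSL is usable; DISABLED means it is compiled in but not started with certificates.
SHOW VARIABLES LIKE 'have_ssl';

-- On the master: confirm the replication account still carries its REQUIRE clause.
-- With REQUIRE SUBJECT/ISSUER/CIPHER in place the master refuses any login for
-- this account that is not over SSL with the matching certificate and cipher,
-- so a running I/O thread implies the replication link is encrypted.
SHOW GRANTS FOR 'toto'@'haha';

-- From a mysql client session opened with the same certificates:
-- a non-empty value shows that this session is encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```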