Details
- New Feature
- Status: Open
- Major
- Resolution: Unresolved
- None
Description
mariadb ssl_rsa_setup maintenance tool with a Galera option would accelerate TLS deployment on a Galera cluster

MariaDB supports TLS encryption in client-server channels as well as in MariaDB Galera Cluster.
Deployment of SSL, however, requires more steps, and it would be useful to have a mariadb_ssl_rsa_setup tool to accelerate it and avoid misconfiguration errors.
The tool may generate client and server certification files and keys, optionally export them to the server or cluster nodes' /etc/mysql/certification dir(s) with appropriate ownership and permissions, and optionally prepare the server or cluster nodes' configuration files.
[root@t4w5 ~]# ls -l /etc/ | grep mysql
drwxr-xr-x 3 mysql mysql 16 May 11 13:51 mysql
[root@t4w5 ~]# ls /etc/mysql/cc
client.crt client.key client.pem server.crt server.key server.pem

galera node server.cnf

[mysqld]
#ssl-ca=/etc/mysql/cc/server.crt
#ssl-key=/etc/mysql/cc/server.key
#ssl-cert=/etc/mysql/cc/server.pem

[client]
#ssl-ca=/etc/mysql/cc/client.crt
#ssl-key=/etc/mysql/cc/client.key
#ssl-cert=/etc/mysql/cc/client.pem

[mysqld]
ssl-ca=/etc/mysql/cc/server.crt
ssl-key=/etc/mysql/cc/server.key
ssl-cert=/etc/mysql/cc/server.pem

[client]
ssl-ca=/etc/mysql/cc/client.crt
ssl-key=/etc/mysql/cc/client.key
ssl-cert=/etc/mysql/cc/client.pem
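The workflow requested above (generate keys and certificates, set permissions and ownership, write the configuration), as an added example built on the openssl CLI; it is not MariaDB code and not the proposed tool. The function names, the ca.crt/ca.key and tls.cnf file names and the certificate CNs are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not MariaDB code. Constructed names: issue_cert,
# gen_tls_material, ca.crt/ca.key, tls.cnf and the certificate CNs.

# issue_cert DIR NAME CN: create DIR/NAME.key and a CA-signed DIR/NAME.crt.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null || return 1
    rm -f "$1/$2.csr"
}

# gen_tls_material DIR: CA, server and client material plus a config fragment.
# The body runs in a subshell so the umask change does not leak to the caller.
gen_tls_material() (
    dir=$1
    umask 077                   # keys are never created group/world readable
    mkdir -p "$dir" || exit 1
    # The CA subject must differ from the server/client subjects, otherwise
    # OpenSSL treats the issued certificates as self-signed and rejects them.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=example-galera-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || exit 1
    issue_cert "$dir" server example-galera-node || exit 1
    issue_cert "$dir" client example-galera-client || exit 1
    chmod 600 "$dir"/*.key      # private keys: owner only
    chmod 644 "$dir"/*.crt      # certificates are public
    chmod 755 "$dir"
    # Ownership can only be changed by root, and only if the mysql user exists.
    if [ "$(id -u)" -eq 0 ] && id mysql >/dev/null 2>&1; then
        chown -R mysql:mysql "$dir"
    fi
    cat > "$dir/tls.cnf" <<EOF
[mysqld]
ssl-ca=$dir/ca.crt
ssl-cert=$dir/server.crt
ssl-key=$dir/server.key

[client]
ssl-ca=$dir/ca.crt
ssl-cert=$dir/client.crt
ssl-key=$dir/client.key
EOF
    chmod 644 "$dir/tls.cnf"
)
```

Only ca.crt, the certificates and each node's own key need to reach the cluster nodes; ca.key should stay on the machine that issues certificates.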
Issue Links
- relates to: MDEV-15568 SST + SSL/TLS broken due to socat CN check (Closed)