Mariadb Replication Encryption

Certificates

Create the certificate authority key.

openssl genrsa -out ca-key.pem 2048

Create the certificate authority certificate.

openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem

Create the server key.

openssl req -newkey rsa:2048 -days 365000 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem

Sign the server certificate.

openssl x509 -req -in server-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Create the client key.

openssl req -newkey rsa:2048 -days 365000 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem

Sign the client certificate

openssl x509 -req -in client-req.pem -days 365000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

None: Mariadb Client-Server Encryption (last edited 2020-02-08 15:55:34 by Kristian Kallenberg)