For example, the MySQL server has a built-in capability to generate the required SSL certificates. Some Root CA operators have been rejected by browser makers because of malpractice.īut for MySQL, it seems common practice to build your own Root CA for MySQL SSL certificates, even in production. Each browser maker bakes into the web browser the list of Root CA's which are trusted by that browser, for example. In the case of HTTPS, the Root CA's are highly guarded service providers that undergo careful auditing. Like with HTTPS SSL certificates the "Root CA" is the root of an authority chain through which the certificate is authenticated. The SSL certificates being used are the same technology as the certificates used in HTTPS connections. For instance it can require SSL certificates for all incoming connections, and can even support password-less access authenticating user ID's solely from an SSL certificate. Next you start the MySQL server using the server certificates, and in MySQL clients you configure use of the client certificates.Īs we will see, MySQL can be configured to several levels of security.
Next you create SSL certificates for both the MySQL server, and the MySQL client, that are signed by the Root Certificate Authority (Root CA). What does it take to authenticate MySQL connections using SSL/TLS?Īs with any TLS/SSL connection, there must be a "root certificate authority" to help with certificate authentication. Someone might go for years without an intrusion into their database, but that doesn't make it a safe practice. That's only as safe as the username/password combination.
OPENSSL TOOL FOR WORKEBENCH PASSWORD
The cost is that every database interaction becomes slower and more resource intensive, because of the encryption algorithm.Ī typical Wordpress site hosted on a typical web hosting provider we'll use a simple user name and password to authenticate with the MySQL server. And because it is encrypted, a 3rd party is less able to listen in on your database transactions. The connection is authenticated by the SSL certificate, giving you more certainty for each database connection. Using TLS/SSL while connecting to MySQL means your database connection is encrypted, and has a higher degree of authentication.