안녕하세요.
Centos 7
MariaDB 10.1.7 을 사용중입니다.
http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html
위 링크의 Example 1 부분을 참조해서
ca-cert.pem
server-cert.pem
server-key.pem
위 3개 파일을 만들고..
my.cnf 파일의 [mysqld] 단락안에
ssl-ca=ca-cert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
위와 같이 설정하고
mysql을 다시 시작해서
mysql 콘솔에 접속해서
아래와 같이 조회를 해보았더니..
show variables like '%ssl%';
MariaDB [(none)]> show variables like '%ssl%';
+---------------------+------------------------------------+
| Variable_name | Value |
+---------------------+------------------------------------+
| have_openssl | YES |
| have_ssl | DISABLED |
| ssl_ca | ca-cert.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | server-key.pem |
| version_ssl_library | OpenSSL 1.0.1e-fips 11 Feb 2013 |
+---------------------+------------------------------------+
위와 같이 have_ssl 속성이 DISABLED가 나오는데 뭐가 문제일까요;;
P.S :
저랑 똑같은 환경에서 똑같은 질문이 있네요;;
http://stackoverflow.com/questions/38552804/having-problems-enabling-have-ssl-mariadb
https://mariadb.com/kb/en/mariadb/secure-connections-overview/
무언가 여기에 힌트가 있을거 같아서 보고는 있는데.. 잘모르겠네요;
¶ÇÇÑ ¸¸µå½Å ÀÎÁõ¼°¡ Á¤»óÀûÀÎÁö
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem Çؼ verifyÇغ¸½Ã±â ¹Ù¶ø´Ï´Ù.
À§ÀÇ µÎ°¡Áö°¡ Á¤È®ÇÏ´Ù¸é Á¤»óÀûÀ¸·Î µ¿ÀÛÇÏ½Ç °Ì´Ï´Ù.
verify °á°ú´Â ÀüºÎ OK·Î ³ª¿À±¸¿ä..
±Ùµ¥ ½Å±âÇÑ°Ç..
yumÀ¸·Î MariaDB¸¦ óÀ½ ¼³Ä¡ÇÏÀÚ¸¶ÀÚ
SSL °ü·Ã ¼³Á¤À» ¾Æ¿¹ ¾ÈÇÏ°í Çϸé..
have_ssl DISABLED À롂 ÀÌÇØÇϰڴµ¥..
have_openssl °¡ ±âº»À¸·Î YES ·Î µÇÀÖ´ÂÁ¡µµ ÀÌÇØ°¡ ¾ÈµÇ³×¿ä;;
¾Æ·¡ ¸µÅ©ÀÇ
https://mariadb.com/kb/en/mariadb/ssltls-system-variables/
have_openssl ÀÇ º¯¼ö ¼³¸í¿¡..
¾Æ·¡¿Í °°ÀÌ µÇ¾îÀÖ¾î¼ ¹öÀüÀÌ ¹Ù²î¸é¼ ¹º°¡ º¯°æÀÌ µÈ°Ô ¾Æ´Ñ°¡ ÇÏ°í ÃßÃø¸¸ ÇÏ°í ÀÖ½À´Ï´Ù..;;
Description: Before MariaDB 10.0.1, have_openssl was an alias for have_ssl. Since MariaDB 10.0.1, comparing have_openssl with have_ssl will indicate whether YaSSL or openssl was used. If YaSSL, have_ssl will be ON, but have_openssl will be OFF.
À§ÀÇ ¼³¸íÀº have_sslÀº YaSSL ¶Ç´Â opensslÀ» Áö¿øÇÏ´ÂÁö(Á¤È®ÀÌ´Â À§ÀÇ ¶óÀ̺귯¸®¿Í ºôµå°¡ µÇ¾ú´ÂÁö) ¿©ºÎ¿¡ ´ëÇÑ °ÍÀÌ°í ¸¸¾à¿¡ YaSSLÀ» Áö¿øÇÏ´Â °æ¿ì¿¡´Â have_opensslÀÌ OFFµÈ´Ù´Â À̾߱â ÀÔ´Ï´Ù.
º¸ÅëÀÇ °æ¿ì ´ëºÎºÐ openssl À» Áö¿øÇϵµ·Ï ¼³Ä¡°¡ µÇ¾úÀ»Å×´Ï ¾Æ·¡Ã³·³ ³ª¿À´Â°Ô ¸ÂÀ» °Ì´Ï´Ù.
MariaDB [(none)]> show variables like '%ssl%';
+---------------+----------------------------+
| Variable_name | Value |
+---------------+----------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/ca.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | /etc/mysql/server-key.pem |
+---------------+----------------------------+
9 rows in set (0.00 sec)
±×·³ Àü µµ´ëü.. ¿Ö.. ¹ºÁþÀ» ÇغÁµµ..
have_ssl | DISABLED Àϱî¿ä..¤Ð.¤Ð
¿øÀÎÀº.. ca.pem ÆÄÀÏ À̾ú½À´Ï´Ù..;;
º¹»ç ºÙ¿© ³Ö±â ½Å°øÀ¸·Î..
http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html
https://www.percona.com/blog/2013/06/22/setting-up-mysql-ssl-and-secure-connections/
À§ ¸µÅ©µéÀÇ ¼³¸í¿¡ ÀÖ´Â ¸í·É¾î¸¦ °í´ë·Î ºÙ¿© ³Ö¾î¼ ½ÇÇàÀ» Çߴµ¥..
1¹ø° ¸µÅ©¿¡´Â.. ca.pem ÆÄÀϸíÀ¸·Î µÇ¾îÀÖ°í..
2¹ø° ¸µÅ©ÀÇ ÆÄÀϸíÀº.. ca-cert.pem µÇ¾îÀÖ¾ú³×¿ä;;
Á¦´ë·Î È®ÀÎÀ» ¾ÈÇÑ Á¦ À߸øÀÔ´Ï´Ù..¤Ð.¤Ð
±è°æ¹Î´Ô ³¡±îÁö ´äº¯ Áּż Á¤¸» °¨»çÇÕ´Ï´Ù!
±×¸®°í ³Ê¹« Á˼ÛÇÕ´Ï´Ù~!! ¤Ð.¤Ð
ÇØ°áµÇ¾úÀ¸¸é Àß µÈ°ÍÀÌÁÒ..¤¾¤¾