MySQL SSL configuration

리오

 

Hello.

CentOS 7

I am using MariaDB 10.1.7.

http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html

Following Example 1 at the link above,

ca-cert.pem
server-cert.pem
server-key.pem

I created the three files above..

and in the [mysqld] section of the my.cnf file

ssl-ca=ca-cert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem

I set them as above,

restarted mysql,

connected to the mysql console,

and ran the query below..

show variables like '%ssl%';


MariaDB [(none)]> show variables like '%ssl%';
+---------------------+------------------------------------+
| Variable_name       | Value                              |
+---------------------+------------------------------------+
| have_openssl        | YES                                |
| have_ssl            | DISABLED                           |
| ssl_ca              | ca-cert.pem                        |
| ssl_capath          |                                    |
| ssl_cert            | server-cert.pem                    |
| ssl_cipher          |                                    |
| ssl_crl             |                                    |
| ssl_crlpath         |                                    |
| ssl_key             | server-key.pem                     |
| version_ssl_library | OpenSSL 1.0.1e-fips 11 Feb 2013    |
+---------------------+------------------------------------+


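As shown above, the have_ssl property comes out as DISABLED. What could be the problem;;

P.S.:

There is an identical question from someone in the same environment as mine;;

http://stackoverflow.com/questions/38552804/having-problems-enabling-have-ssl-mariadb

https://mariadb.com/kb/en/mariadb/secure-connections-overview/

I feel like there is a hint somewhere in here, so I am reading it.. but I can't figure it out;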












Setting the absolute paths of the certificate files you created should do it. Copy them to a path that the mysql user can access and write the absolute paths.
Also, to check whether the certificates you created are valid,
please verify them with openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem.

If the two things above are correct, it should work normally.
     
리오 2016-09
Ah... I deliberately omitted the path part above ^^;
The verify results all come out OK..
But the strange thing is..
right after first installing MariaDB with yum,
without doing any SSL-related configuration at all..
I can understand have_ssl being DISABLED, but..
I also don't understand why have_openssl is YES by default;;
리오 2016-09
I am using MariaDB version 10.1.7..
At the link below,
https://mariadb.com/kb/en/mariadb/ssltls-system-variables/

the description of the have_openssl variable..
reads as below, so I am only guessing that something changed as the version changed..;;
Description: Before MariaDB 10.0.1, have_openssl was an alias for have_ssl. Since MariaDB 10.0.1, comparing have_openssl with have_ssl will indicate whether YaSSL or openssl was used. If YaSSL, have_ssl will be ON, but have_openssl will be OFF.
     
This is the result of testing with MariaDB version 10.0.26.
The description above means that have_ssl indicates whether YaSSL or openssl is supported (more precisely, whether it was built with one of those libraries), and that if YaSSL is supported, have_openssl is OFF.
In most cases it will have been installed with openssl support, so output like the below would be correct.

MariaDB [(none)]> show variables like '%ssl%';
+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | YES                        |
| have_ssl      | YES                        |
| ssl_ca        | /etc/mysql/ca.pem          |
| ssl_capath    |                            |
| ssl_cert      | /etc/mysql/server-cert.pem |
| ssl_cipher    |                            |
| ssl_crl       |                            |
| ssl_crlpath   |                            |
| ssl_key       | /etc/mysql/server-key.pem  |
+---------------+----------------------------+
9 rows in set (0.00 sec)
          
리오 2016-09
Gasp!...ㅠ.ㅠ
Then why on earth.. no matter what I try..
is it have_ssl      | DISABLED..ㅠ.ㅠ
               
Check the mysql log once. Even if there are SSL-related errors, the mysql daemon still runs.
                    
리오 2016-09
Ah.. I solved it..
The cause was.. the ca.pem file..;;
Using the copy-and-paste technique..
http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html
https://www.percona.com/blog/2013/06/22/setting-up-mysql-ssl-and-secure-connections/
I pasted and ran the commands from the descriptions at the links above exactly as they were..

In the first link.. the file name is ca.pem..
and in the second link the file name is.. ca-cert.pem;;

It is my fault for not checking properly..ㅠ.ㅠ

김경민, thank you so much for answering to the end!
And I am very sorry~!! ㅠ.ㅠ
                         
What is there to be sorry to me about?^^;
If it is solved, then all is well..ㅎㅎ
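
The checks suggested in the replies above (absolute paths the mysql user can read, then openssl verify), as an added shell example that is not part of the original thread. The function names are made up for illustration, and the demo input is constructed from the my.cnf lines in the question.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of MariaDB.

# Print "option value" for ssl-ca / ssl-cert / ssl-key found in [mysqld].
mysqld_ssl_opts() {
    awk -F= '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*ssl[-_](ca|cert|key)[ \t]*=/ {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k, v
        }' "$1"
}

# Print one line per problem; return 0 only when every file is an absolute,
# readable path and (if openssl is installed) ssl-cert verifies against ssl-ca.
check_mysqld_ssl() {
    rc=0; ca=; cert=
    while read -r key path; do
        [ -n "$key" ] || continue
        case $path in
            /*) ;;
            *) echo "$key: '$path' is not an absolute path"; rc=1; continue ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$key: '$path' is missing or not readable by this user"; rc=1
            continue
        fi
        case $key in ssl-ca) ca=$path ;; ssl-cert) cert=$path ;; esac
    done <<EOF
$(mysqld_ssl_opts "$1")
EOF
    if [ -n "$ca" ] && [ -n "$cert" ] && command -v openssl >/dev/null 2>&1; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
            { echo "ssl-cert: '$cert' does not verify against '$ca'"; rc=1; }
    fi
    return $rc
}

# Constructed input: the [mysqld] settings from the question, bare file names.
demo() {
    d=$(mktemp -d)
    printf '[mysqld]\nssl-ca=ca-cert.pem\nssl-cert=server-cert.pem\nssl-key=server-key.pem\n' >"$d/my.cnf"
    check_mysqld_ssl "$d/my.cnf" && st=0 || st=1
    rm -rf "$d"
    return $st
}
```

Run check_mysqld_ssl against the real my.cnf as the mysql account so the readability test reflects what mysqld sees. A file name mismatch such as ca.pem versus ca-cert.pem shows up as a "missing" line.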

