In this blog post, I’ll walk you through setting up encrypted replication on MySQL 5.7 with GTID enabled. I will walk you through how to create sample certificates and keys, and then configure MySQL to only use replication via an encrypted SSL tunnel.
For simplicity, the credentials and certificates I used in this tutorial are very basic. I would suggest, of course, you use stronger passwords and accounts.
Let’s get started.
Create a folder where you will keep the certificates and keys
mkdir /etc/newcerts/ cd /etc/newcerts/
Create CA certificate
[root@po-mysql2 newcerts]# openssl genrsa 2048 > ca-key.pem Generating RSA private key, 2048 bit long modulus .............+++ ..................+++ e is 65537 (0x10001)
[root@po-mysql2 newcerts]# openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem You are about to be asked to enter …[Read more]