将ssl与mysql集成-拒绝访问 [英] Integrating ssl with mysql - Access Denied

问题描述

我正在尝试通过引用此来为mysql设置ssl .
我能够完成前3个步骤，但是第4个问题如下:

I'm trying to setting up ssl for mysql by referring this.
I'm able to complete first 3 steps but having issue with the 4th which is as following:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'localhost' IDENTIFIED BY 'ssluser' REQUIRE SSL;
FLUSH PRIVILEGES;

然后我重新启动mysql服务器.

Then I restart the mysql server.

当我尝试运行mysql -ussluser -pssluser -P3306 --ssl-key="C:\Program Files\MySQL\MySQL Server 5.5\certs\ca-cert.pem"时执行此语句后，
它显示以下错误:用户'ssluser'@'localhost'的访问被拒绝(使用密码:是)
我在这里使用 3306 ，因为这是我的默认端口.

After executing this statement when I try to run mysql -ussluser -pssluser -P3306 --ssl-key="C:\Program Files\MySQL\MySQL Server 5.5\certs\ca-cert.pem",
it shows following error: Access denied for user 'ssluser'@'localhost' (using password: YES)
I'm using 3306 here as it's my default port.

当我已经执行了 GRANT 语句时，怎么说访问被拒绝.

How it can say Access Denied when I have already executed GRANT statement.

请注意

• 我在REQUIRE SSL上使用 GRANT 语句执行了mysql -ussluser -pssluser 之前，我能够连接到mysql.

• I executed mysql -ussluser -pssluser before using GRANT statement with REQUIRE SSL and I was able to connect to mysql.

如果我尝试SHOW GRANTS FOR 'ssluser'@'localhost';
我知道了

If I try SHOW GRANTS FOR 'ssluser'@'localhost';
I get

GRANT ALL PRIVILEGES ON *.* TO \'ssluser\'@\'localhost\' IDENTIFIED BY PASSWORD \'*C56A6573BEE146CB8243543295FD80ADCE588EFF\' REQUIRE SSL WITH GRANT OPTION

在执行 GRANT 语句之前，我能够通过 ssluser 连接到 workbench .但是现在，它的访问被拒绝错误.

Before executing GRANT statement, I was able to connect to workbench through ssluser. But now its giving access denied error.

当我使用show global variables like 'have_%ssl';时，我会得到

have_openssl已禁用 have_ssl已禁用

have_openssl DISABLED have_ssl DISABLED

，当我使用此SHOW STATUS LIKE 'Ssl_cipher';时，我会得到

and when I use this SHOW STATUS LIKE 'Ssl_cipher'; I get

Ssl_cipher _________

Ssl_cipher _________

我已经创建了所有服务器和客户端证书，并将它们放置在mysql server根目录内的certs目录中.

I have created all server and client certificates and placed them in certs directory inside mysql server root directory.

几天来我一直在尝试，但是什么也没发现.任何帮助表示赞赏.

I'm trying it from couple of days but have found nothing. Any help appreciated.

我第一次这样做.谁能指导我完成详细的程序来做到这一点?

I'm doing this for the first time. Can anyone guide me through detailed procedure to do this?

推荐答案

我今天正在努力处理类似的错误消息，这就是我发现的内容.

I was struggling with a similar error message today and here is what I discovered.

1. 用于GRANT的要求SSL"选项仅需要SSL进行连接，不需要提供客户端证书.
2. mysql CLI无法像我期望的那样处理SSL.例如，在MySQL 5.5上，--ssl选项似乎并未真正启用SSL传输.
3. 我必须添加选项--ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA才能使mysql客户端真正使用SSL并允许与客户端进行身份验证.

1. The "REQUIRE SSL" option for the GRANT only requires SSL for connection and does not require a client side certificate to be provided.
2. The mysql CLI does not handle SSL like I expected. For example, on MySQL 5.5, the --ssl option doesn't seem to really enable the SSL transport.
3. I had to add the option --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA to get the mysql client to really use SSL and allow authentication with the client.

以下是我用来设置新用户的确切步骤:

Here are the exact steps I used to setup my new user:

CREATE USER 'ssl-user'@'%' identified by '<password>';
GRANT USAGE ON *.* TO 'ssl-user'@'%' identified by '<password>' REQUIRE SSL;
GRANT ALL PRIVILEGES ON `your-database`.* TO 'ssl-user'@'%';

这篇关于将ssl与mysql集成-拒绝访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！