This section describes how to use the openssl command to set up the RSA key files that enable MySQL to support secure password exchange over unencrypted connections for accounts authenticated by the sha256_password and caching_sha2_password plugins.
There are easier alternatives to generating the files required for RSA than the procedure described here: Let the server autogenerate them or use the mysql_ssl_rsa_setup program. See Section 6.3.3.1, “Creating SSL and RSA Certificates and Keys using MySQL”.
To create the RSA private and public key-pair files, run these commands while logged into the system account used to run the MySQL server so that the files are owned by that account:
openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -pubout -out public_key.pem
Those commands create 2,048-bit keys. To create stronger keys, use a larger value.
Then set the access modes for the key files. The private key should be readable only by the server, whereas the public key can be freely distributed to client users:
chmod 400 private_key.pem
chmod 444 public_key.pem
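To confirm the result of the procedure above, the following shell function checks the file modes, the private key's internal consistency, that both files belong to the same key pair, and the key size. It is an added example, not part of the original page or of MySQL's tooling; the names check_rsa_keypair, file_mode and MIN_BITS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the RSA key files produced by the commands above.
# check_rsa_keypair, file_mode and MIN_BITS are illustrative names, not MySQL's.

MIN_BITS=2048   # key size used by the page's genrsa command

file_mode() {
    # GNU stat first, BSD/macOS stat as fallback
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

check_rsa_keypair() {
    dir=${1:-.}
    priv=$dir/private_key.pem
    pub=$dir/public_key.pem
    rc=0

    for f in "$priv" "$pub"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # Modes set by the page: 400 for the private key, 444 for the public key
    [ "$(file_mode "$priv")" = 400 ] || { echo "private key mode is not 400" >&2; rc=1; }
    [ "$(file_mode "$pub")" = 444 ] || { echo "public key mode is not 444" >&2; rc=1; }

    # The private key must be internally consistent
    openssl rsa -in "$priv" -check -noout >/dev/null 2>&1 ||
        { echo "private key fails consistency check" >&2; return 1; }

    # Both files must carry the same modulus, i.e. belong to one key pair
    m_priv=$(openssl rsa -in "$priv" -noout -modulus 2>/dev/null)
    m_pub=$(openssl rsa -pubin -in "$pub" -noout -modulus 2>/dev/null)
    [ -n "$m_pub" ] && [ "$m_priv" = "$m_pub" ] ||
        { echo "public key does not match private key" >&2; rc=1; }

    # The modulus is printed as whole bytes in hex, so hex digits * 4 = key bits
    hex=${m_priv#Modulus=}
    bits=$(( ${#hex} * 4 ))
    [ "$bits" -ge "$MIN_BITS" ] || { echo "key is only $bits bits" >&2; rc=1; }

    return $rc
}
```

Run it as the account that owns the files, for example `check_rsa_keypair /path/to/key/dir`; it returns 0 only when every check passes.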