0

I'm currently testing MySQL replication over SSL. I have two mysql-slave pairs. I would like to configure a second slave server for each pair in a different data centre:

  1. Do I have to generate certificates for each master and slave server or can I use one certificate for all master servers and then create a new one for each client (slave server)?

  2. According to the information from this link:

On the slave, you have two options available for setting the SSL information. You can either add the slave certificates to the [client] section of the slave's my.cnf file, or you can explicitly specify the SSL information using the CHANGE MASTER TO statement...

However, when I add the certificate information to the MySQL configuration file (my.cnf), it's not working and I still have to specify it using the "CHANGE MASTER TO" statement anyway?

Regards

1 Answer

1

You can use the same certificates for all servers and clients; it will work, but it's not recommended for security reasons. If one server gets compromised, all the certificates/private keys will be compromised too. It's always more secure to use one key/certificate for only one purpose.

As to the certificate path: it should work with my.cnf; just be sure you are using the right file (check your init script to see where it is). You will still need to use 'MASTER_SSL=1' in the CHANGE MASTER .. command.

1
  • Thanks for the reply. Ref. 1: Will this work even if all servers have the same certificate, with the same common name like server1.com? Ref. 2: It looks like I'm using the correct file but it's not working. Commented Jun 6, 2012 at 17:16
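
An added example, not part of the original answer or of the documentation the question quotes: one way to set up a single master/slave pair with its own certificates, binding the replication account on the master to that slave's certificate and enabling SSL on the slave with CHANGE MASTER TO. The host names, the `repl` account, the file paths, the certificate subject and the password placeholder are assumptions.

```sql
-- On the master: a replication account that is only accepted over SSL and
-- only when the client presents the certificate issued to this one slave.
-- Assumes the slave's certificate subject consists of the CN alone; the
-- string must match the certificate's subject exactly.
CREATE USER 'repl'@'slave1.example.com'
  IDENTIFIED BY '<replication-password>';   -- placeholder, not a real value
GRANT REPLICATION SLAVE ON *.*
  TO 'repl'@'slave1.example.com'
  REQUIRE SUBJECT '/CN=slave1.example.com';

-- On the slave: point replication at the master and turn SSL on explicitly.
-- MASTER_SSL=1 is what enables SSL for the replication connection; the CA,
-- certificate and key paths below are hypothetical locations for this
-- slave's own key pair.
STOP SLAVE;
CHANGE MASTER TO
  MASTER_HOST     = 'master1.example.com',
  MASTER_USER     = 'repl',
  MASTER_PASSWORD = '<replication-password>',
  MASTER_SSL      = 1,
  MASTER_SSL_CA   = '/etc/mysql/ssl/ca.pem',
  MASTER_SSL_CERT = '/etc/mysql/ssl/slave1-cert.pem',
  MASTER_SSL_KEY  = '/etc/mysql/ssl/slave1-key.pem',
  -- Makes the slave compare the Common Name in the master's certificate
  -- with MASTER_HOST, so a certificate issued for another host name is
  -- rejected.
  MASTER_SSL_VERIFY_SERVER_CERT = 1;
START SLAVE;

-- Check the result on the slave: Master_SSL_Allowed should read "Yes",
-- the Master_SSL_* path columns should show the files above, and
-- Slave_IO_Running should be "Yes". Because the account requires the
-- slave's certificate, a running I/O thread means the link is using SSL.
SHOW SLAVE STATUS\G
```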
