I'm currently testing MySQL replication over SSL. I have two mysql-slave pairs. I would like to configure a second slave server for each pair in a different data centre:

  1. Do I have to generate certificates for each master and slave server or can I use one certificate for all master servers and then create a new one for each client (slave server)?

  2. According to the information from this link:

> On the slave, you have two options available for setting the SSL information. You can either add the slave certificates to the [client] section of the slave's my.cnf file, or you can explicitly specify the SSL information using the CHANGE MASTER TO statement...

However, when I add the certificate information to the MySQL configuration file (my.cnf), it's not working and I still have to specify it using the "CHANGE MASTER TO" statement anyway?

Regards

HTF
1 Answer

You can use the same certificates for all servers and clients; it will work, but it's not recommended for security reasons. If one server gets compromised, all the certificates/private keys will be compromised as well. It's always more secure to use one key/certificate for only one purpose.

As for the certificate path, it should work with my.cnf; just be sure you are using the right file (check your init script to find out where it is). You will still need to use `MASTER_SSL=1` in the CHANGE MASTER .. command.

DukeLion
  • Thanks for the reply. Ref. 1: Will this work even if all servers have the same certificate, with the same common name like `server1.com`? Ref. 2: It looks like I'm using the correct file but it's not working. – HTF Jun 06 '12 at 17:16
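
The "one key/certificate per purpose" layout recommended in the answer, as an added example that is not part of the original thread: a single private CA issues a separate key and certificate to each replication host, and each certificate is then checked against the CA. The hostnames, file names and CA name are constructed placeholders, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: one private CA, one key/certificate pair per replication host.
# Hostnames are constructed placeholders, not values from the thread.
set -eu

HOSTS="master1.example.test slave1-dc1.example.test slave1-dc2.example.test"

# Create the CA key and self-signed CA certificate in directory $1.
# The CA's CN is kept different from every host CN.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Replication Test CA" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

# Issue a private key and a CA-signed certificate for host $2 in directory $1.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null
    openssl x509 -req -in "$1/$2-req.pem" -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" -CAcreateserial \
        -out "$1/$2-cert.pem" 2>/dev/null
    chmod 600 "$1/$2-key.pem"   # private key readable by its owner only
}

# Succeed only if host $2's certificate chains to the CA in directory $1.
verify_cert() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2-cert.pem" >/dev/null 2>&1
}

# Print how many distinct public keys the issued certificates contain.
distinct_keys() {
    for h in $HOSTS; do
        openssl x509 -in "$1/$h-cert.pem" -noout -pubkey | openssl dgst -sha256
    done | sort -u | wc -l | tr -d ' '
}

OUT=$(mktemp -d)
make_ca "$OUT"
for h in $HOSTS; do
    issue_cert "$OUT" "$h"
    verify_cert "$OUT" "$h" && echo "$h: certificate verifies against ca.pem"
done
echo "distinct public keys: $(distinct_keys "$OUT") of 3"
```

Each host then receives only `ca.pem` and its own key/certificate pair, so a compromised host exposes one key rather than all of them; `ca-key.pem` stays off the database servers.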