How to get hold of Amazon MySQL RDS certificates

Backend · unresolved · 3 answers · 1575 views
自闭症患者 2021-02-01 04:45

Amazon RDS documentation (http://aws.amazon.com/rds/faqs/#53) specifies that "Amazon RDS generates an SSL certificate for each [MySQL] DB Instance". I haven't been able to fi

3 answers
  • 2021-02-01 05:22

    I found the solution here: https://forums.aws.amazon.com/thread.jspa?threadID=62110.

    • Download the CA cert file from here: https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem

    curl -O https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem

    • Connect to mysql:
    mysql -uusername -p --host=host --ssl-ca=mysql-ssl-ca-cert.pem
    
    • Check that your connection is really encrypted:
    mysql> SHOW STATUS LIKE 'Ssl_cipher';
    
    +---------------+------------+
    | Variable_name | Value      |
    +---------------+------------+
    | Ssl_cipher    | AES256-SHA |
    +---------------+------------+
    1 row in set (0.00 sec)
    
    • Optionally force SSL for a specific user to connect to MySQL

    mysql> ALTER USER 'username'@'host|%' REQUIRE SSL;

  • 2021-02-01 05:30

    You can get the AWS RDS certificate file information from the AWS Documentation guide itself

    http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html

    Download the certificate from here

    https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem

    Update - Amazon updated the SSL certificate; you can download it from here: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

    Use the following command to login into mysql

    root@sathish:/usr/src# mysql -h awssathish.xxyyzz.eu-west-1.rds.amazonaws.com -u awssathish -p --ssl-ca=mysql-ssl-ca-cert.pem
    Enter password: 
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 22
    Server version: 5.6.13-log MySQL Community Server (GPL)
    
    Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> 
    mysql> GRANT USAGE ON *.* TO 'awssathish'@'%' REQUIRE SSL;
    Query OK, 0 rows affected (0.02 sec)
    mysql> 
    mysql> show variables like "%ssl";
    +---------------+-------+
    | Variable_name | Value |
    +---------------+-------+
    | have_openssl  | YES   |
    | have_ssl      | YES   |
    +---------------+-------+
    2 rows in set (0.00 sec)
    mysql> 
    mysql> SHOW STATUS LIKE 'Ssl_cipher';
    +---------------+------------+
    | Variable_name | Value      |
    +---------------+------------+
    | Ssl_cipher    | AES256-SHA |
    +---------------+------------+
    1 row in set (0.01 sec)
    
    mysql> exit
    Bye
    

    where

    awssathish.xxyyzz.eu-west-1.rds.amazonaws.com

    is the endpoint of the RDS instance, and

    awssathish

    is the username on the RDS server.

  • 2021-02-01 05:32

    I used http://aws-blog.io/2016/rds-over-ssl/. You have to get the root pem and the pem for your region and concatenate the 2 files into one: https://s3.amazonaws.com/rds-downloads/rds-ca-2015-us-west-2.pem https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem

    Merge the files to have a single rds-ca-2015-us-west-2-bundle.pem file. With --ssl-ca, provide the full path to your pem file.

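The three answers above amount to one procedure: fetch Amazon's CA bundle (or build it by concatenating the root and per-region certificates), point the client at it with --ssl-ca, and look at Ssl_cipher. Two caveats a practitioner should add. First, a non-empty Ssl_cipher only proves the session is encrypted, not that the server you reached is the one you named; a client that also checks the certificate chain and the hostname needs --ssl-mode=VERIFY_IDENTITY (MySQL 5.7.11 and later clients). Second, a bundle is only as trustworthy as its download: compare the certificates' SHA-256 fingerprints with the ones AWS publishes before relying on it, and check expiry, since these bundles rotate (the rds-ca-2015 certificates referenced in the third answer expired in March 2020). The script below is an added example and is not code from any of the answers or from AWS. The PEM bundle and the status output it contains are constructed sample data, and EXPECTED_FINGERPRINTS is a placeholder you fill from the AWS documentation.

```python
#!/usr/bin/env python3
"""Added example: verify a downloaded RDS CA bundle, connect with full server
verification, and judge the TLS state of the session. Not code from the
answers above or from AWS; sample data below is constructed."""
import base64
import hashlib
import re
import subprocess
import sys

# One PEM block per certificate; a "combined" bundle (root + per-region CA) is
# several of these concatenated, which is what the third answer builds by hand.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Placeholder (assumption): fill with the SHA-256 fingerprints AWS publishes
# for the bundle you downloaded.
EXPECTED_FINGERPRINTS = set()

ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def split_bundle(pem_bytes):
    """Return the DER bytes of every certificate found in a PEM bundle."""
    return [base64.b64decode(b"".join(body.split()))
            for body in PEM_BLOCK.findall(pem_bytes)]


def fingerprints(pem_bytes):
    """SHA-256 fingerprint (hex) of each certificate, the form AWS lists them in."""
    return [hashlib.sha256(der).hexdigest() for der in split_bundle(pem_bytes)]


def bundle_matches(pem_bytes, expected):
    """True only if the bundle is non-empty and every certificate is expected.
    Catches a truncated download, an HTML error page saved as .pem, or a
    file that was swapped for one carrying an attacker's CA."""
    fps = fingerprints(pem_bytes)
    return bool(fps) and all(fp in expected for fp in fps)


def mysql_command(host, user, ca_bundle, port=3306):
    """mysql invocation that verifies the server's chain AND its hostname.
    --ssl-ca alone (as in the answers) only supplies the trust store;
    VERIFY_IDENTITY (MySQL 5.7.11+ clients) refuses a server whose certificate
    does not match `host`, which is what defeats a man-in-the-middle holding
    some other valid certificate."""
    return [
        "mysql", f"--host={host}", f"--port={port}", f"--user={user}", "--password",
        "--ssl-mode=VERIFY_IDENTITY", f"--ssl-ca={ca_bundle}",
        "--batch", "--skip-column-names",
        "-e", "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher','Ssl_version')",
    ]


def parse_status(batch_output):
    """Parse `mysql --batch --skip-column-names` output: name<TAB>value per line."""
    status = {}
    for line in batch_output.splitlines():
        if "\t" in line:
            name, value = line.split("\t", 1)
            status[name] = value
    return status


def assess_session(status):
    """Decide whether the session is acceptably protected.
    A non-empty Ssl_cipher (the check used in the answers) proves only that
    the session is encrypted; the protocol version is checked as well, because
    a TLS 1.0 session negotiating AES256-SHA still reports a cipher."""
    cipher = status.get("Ssl_cipher", "")
    version = status.get("Ssl_version", "")
    if not cipher:
        return False, "plaintext session: Ssl_cipher is empty"
    if version not in ACCEPTED_VERSIONS:
        return False, f"protocol {version or 'unknown'} is not accepted"
    return True, f"{version} {cipher}"


# Constructed sample data (not real certificates): two fake DER blobs wrapped
# as PEM, plus the status output a verifying session might return.
SAMPLE_CERTS = [b"constructed-root-cert-der", b"constructed-region-cert-der"]
SAMPLE_BUNDLE = b"".join(
    b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
    + b"-----END CERTIFICATE-----\n"
    for der in SAMPLE_CERTS)
SAMPLE_STATUS = "Ssl_cipher\tECDHE-RSA-AES128-GCM-SHA256\nSsl_version\tTLSv1.2\n"


if __name__ == "__main__":
    # usage: rds_tls_check.py <rds-endpoint> <user> <ca-bundle.pem>
    host, user, ca_bundle = sys.argv[1:4]
    with open(ca_bundle, "rb") as f:
        pem = f.read()
    print("bundle certificates:", *fingerprints(pem), sep="\n  ")
    if EXPECTED_FINGERPRINTS and not bundle_matches(pem, EXPECTED_FINGERPRINTS):
        sys.exit("CA bundle does not match the expected fingerprints")
    out = subprocess.run(mysql_command(host, user, ca_bundle), check=True,
                         capture_output=True, text=True).stdout
    ok, reason = assess_session(parse_status(out))
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

Run it as `python3 rds_tls_check.py awssathish.xxyyzz.eu-west-1.rds.amazonaws.com awssathish rds-combined-ca-bundle.pem`; the client prompts for the password. If the endpoint does not present a certificate chaining to the bundle, or the name in the certificate does not match the endpoint, the mysql client exits non-zero before any status is read, which is the failure you want rather than a silently unauthenticated but encrypted session.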