1. 安裝 OpenSSL:下載 OpenSSL Version 0.9.6 (www.openssl.org)
shell> zcat 0.96l.tar.gz | tar xvf -
shell> ./config
shell> make
shell> make install
2. 安裝 mysql:下載 MySQL Version 4.0.14 Source (mysql-4.0.14.tar.gz)
shell> groupadd mysql
shell> useradd -g mysql mysql
shell> gunzip < mysql-VERSION.tar.gz | tar -xvf -
shell> cd mysql-VERSION
shell> ./configure --prefix=/usr/local/mysql --with-openssl --with-vio
shell> make
shell> make install
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> cd /usr/local/mysql
shell> bin/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql var
shell> chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &
3. 修改mysql密碼及訪問權限 (僅在需要時執行。下面的語句允許 root 從任何主機 ('%') 登錄並擁有全部權限,可能造成安全問題;'1qw23e' 只是示例密碼,請換成自己的強密碼)
shell> cd /usr/local/mysql/bin/
shell> ./mysql -u root -p
mysql> INSERT INTO mysql.user VALUES ('%','root', PASSWORD('1qw23e'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0);
4. 生成SSL證書
DIR=`pwd`/openssl
PRIV=$DIR/private
mkdir $DIR $PRIV $DIR/newcerts
cp /usr/share/ssl/openssl.cnf $DIR
replace ./demoCA $DIR -- $DIR/openssl.cnf
# Create necessary files: $database, $serial and $new_certs_dir
# Directory (optional)
touch $DIR/index.txt
echo "01" > $DIR/serial
# Generation of Certificate Authority(CA)
openssl req -new -x509 -keyout $PRIV/cakey.pem -out $DIR/cacert.pem \
-config $DIR/openssl.cnf
Note: if you are asked to enter a "PEM pass", please enter a different "PEM pass" in the following steps.
# Create server request and key
openssl req -new -keyout $DIR/server-key.pem -out \
$DIR/server-req.pem -days 3600 -config $DIR/openssl.cnf
# Remove the passphrase from the key (optional)
openssl rsa -in $DIR/server-key.pem -out $DIR/server-key.pem
# Sign server cert
openssl ca -policy policy_anything -out $DIR/server-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/server-req.pem
# Create client request and key
openssl req -new -keyout $DIR/client-key.pem -out \
$DIR/client-req.pem -days 3600 -config $DIR/openssl.cnf
# Remove a passphrase from the key (optional)
openssl rsa -in $DIR/client-key.pem -out $DIR/client-key.pem
# Sign client cert
openssl ca -policy policy_anything -out $DIR/client-cert.pem \
-config $DIR/openssl.cnf -infiles $DIR/client-req.pem
5. 修改選項文件/etc/my.cnf
[client]
ssl-ca=$DIR/cacert.pem
ssl-cert=$DIR/client-cert.pem
ssl-key=$DIR/client-key.pem
[mysqld]
ssl-ca=$DIR/cacert.pem
ssl-cert=$DIR/server-cert.pem
ssl-key=$DIR/server-key.pem
6. 測試啟動mysql
$DIR 是選項文件my.cnf 的路徑
shell> mysqld --defaults-file=$DIR/my.cnf &
Then invoke a client program using the same option file:
shell> mysql --defaults-file=$DIR/my.cnf
執行以下語句,如果返回以下結果,安裝完全成功
mysql> SHOW VARIABLES LIKE 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+
7. 啟動MySQL daemon
/usr/local/libexec/mysqld -u mysql &
或者
/usr/local/sbin/mysqld &