This tutorial shows you how to secure connections to the MySQL database using SSL. Users who connect remotely (e.g. with Navicat) will then be able to access the database only with valid certificates, which improves the security of your Metin2 server.
Install openssl (if it is not already installed):
Code:
pkg install openssl
Open mysql-setup-ssl.sh and add:
Code:
#!/bin/bash
# Stop at the first error so chown/chmod never run in the wrong directory.
set -e
cd /var/db/mysql
# 1. generate the CA key and the self-signed CA certificate
openssl genrsa 2048 > ca-key.pem
openssl req -sha256 -new -x509 -nodes -days 3650 -key ca-key.pem -subj "/CN=$(hostname) CA" > ca-cert.pem
# 2. generate the server key, request and certificate
#    (SHA-256 instead of SHA-1: SHA-1 signatures are deprecated and may be rejected by newer OpenSSL builds)
openssl req -sha256 -newkey rsa:2048 -nodes -keyout server-key.pem -subj "/CN=$(hostname)" > server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -sha256 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
# 3. generate the client key, request and certificate
#    (serial 02: one CA must not issue two certificates with the same serial)
openssl req -sha256 -newkey rsa:2048 -nodes -keyout client-key.pem -subj "/CN=$(hostname)-client" > client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -sha256 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > client-cert.pem
# Only the mysql user may read the keys and certificates
chown mysql *.pem
chmod 0600 *.pem
Open my.cnf and look for:
Code:
# mysql configuration
If you run into problems with the sha256_password or caching_sha2_password plugins and MySQL does not start, check the log, and if an error about missing RSA keys appears, follow the steps below.
Open srv.err and look for:
Code:
RSA private key file not found
RSA public key file not found
Open a terminal and run:
Code:
openssl genrsa -out /var/db/mysql/private_key.pem 2048
openssl rsa -in /var/db/mysql/private_key.pem -pubout -out /var/db/mysql/public_key.pem
chown mysql:mysql /var/db/mysql/private_key.pem /var/db/mysql/public_key.pem
chmod 600 /var/db/mysql/private_key.pem
chmod 644 /var/db/mysql/public_key.pem
Code:
# mysql configuration
Restart MySQL and check that it is running correctly:
Code:
service mysql-server restart
service mysql-server status
Open mysql and look for:
Code:
# mysql console
From now on, connections without SSL will no longer work.
To connect from Navicat (or another DBMS client), you must use the generated certificates:
- client-key.pem
- client-cert.pem
- ca-cert.pem
In Navicat, edit the connection in the SSL section:
1. Check "Use SSL".
2. Check "Use authentication".
3. Fill in the generated information.
Click "Test Connection" to see whether it works.
If you get a certificate-expired error, check the time and timezone of the server (FreeBSD) and regenerate the certificates.
Example error:
2026 - SSL connection error: Server certificate validation failed. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error 0x800B0101(CERT_E_EXPIRED)
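The certificate set from mysql-setup-ssl.sh can be checked on the server before the files are copied into Navicat. The script below is an added example, not part of the original tutorial: the function names and finding labels are made up for illustration, and `make_demo_set` builds a constructed throwaway set for testing. It reports expired or not-yet-valid certificates (the cause of the error above), SHA-1 signatures, broken chains, key mismatches and reused serial numbers.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# check_cert_set DIR prints one finding per line; returns 0 only if all checks pass.
check_cert_set() {
    dir=$1; rc=0
    for name in ca server client; do
        crt="$dir/$name-cert.pem"
        if [ ! -f "$crt" ]; then echo "MISSING $name-cert.pem"; rc=1; continue; fi
        # -checkend 0 exits non-zero when notAfter is already in the past.
        openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "EXPIRED $name-cert.pem"; rc=1; }
        # SHA-1 signatures are deprecated and may be rejected by newer OpenSSL builds.
        if openssl x509 -in "$crt" -noout -text | grep -qi 'Signature Algorithm: sha1'; then
            echo "SHA1 $name-cert.pem"; rc=1
        fi
        if [ "$name" != ca ]; then
            # Chain check; this also fails when notBefore is still in the future.
            openssl verify -CAfile "$dir/ca-cert.pem" "$crt" >/dev/null 2>&1 ||
                { echo "UNTRUSTED $name-cert.pem"; rc=1; }
            # The certificate and its private key must hold the same public key.
            if [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" != \
                 "$(openssl pkey -in "$dir/$name-key.pem" -pubout 2>/dev/null)" ]; then
                echo "KEY-MISMATCH $name-key.pem"; rc=1
            fi
        fi
    done
    # One CA must not issue two certificates with the same serial (RFC 5280).
    s1=$(openssl x509 -in "$dir/server-cert.pem" -noout -serial 2>/dev/null) || s1=
    s2=$(openssl x509 -in "$dir/client-cert.pem" -noout -serial 2>/dev/null) || s2=
    if [ -n "$s1" ] && [ "$s1" = "$s2" ]; then echo "DUPLICATE-SERIAL $s1"; rc=1; fi
    return $rc
}
# Constructed sample input: a throwaway CA with server and client certs in DIR.
make_demo_set() {
    d=$1; n=1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=demo CA" \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null
    for who in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$who" \
            -keyout "$d/$who-key.pem" -out "$d/$who-req.pem" 2>/dev/null
        openssl x509 -req -sha256 -days 30 -in "$d/$who-req.pem" -CA "$d/ca-cert.pem" \
            -CAkey "$d/ca-key.pem" -set_serial "$n" -out "$d/$who-cert.pem" 2>/dev/null
        n=$((n + 1))
    done
}
# Usage: sh check-certs.sh /var/db/mysql
if [ $# -gt 0 ]; then check_cert_set "$1"; fi
```

No output and exit status 0 mean the set is consistent on the server side; the Navicat machine's own clock must still fall inside the validity period.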




