[Ach] Feedback to applied-crypto-hardening.pdf - Database Systems - MySQL

Torge Riedel torgeriedel at gmx.de
Fri Dec 22 13:50:00 CET 2017


Hi list,

continuing my feedback with Database Systems / MySQL:

# cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"

# mysql --version
mysql  Ver 14.14 Distrib 5.7.20, for Linux (x86_64) using EditLine wrapper

The guide is working for me. But I'm not sure whether it should be

ssl=1

And - this is maybe out-of-scope - if you want to use Let's Encrypt certs for MySQL, do the following:

mkdir -p /etc/mysql/certs
openssl rsa -in /etc/letsencrypt/live/<mydomain>/privkey.pem -out /etc/mysql/certs/privkey.pem
cp /etc/letsencrypt/live/<mydomain>/cert.pem /etc/mysql/certs/

and configure MySQL like this:

#ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/cert.pem
ssl-key=/etc/mysql/certs/privkey.pem

Regards
Torge



More information about the Ach mailing list