Using SSL

To use an encrypted SSL connection, specify the paths to the certificate and keys in the [mysqld] section of the master’s my.cnf or my.ini file:

[mysqld]
ssl-ca=cacert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem

where ssl-ca identifies the Certificate Authority certificate, ssl-cert identifies the server public key, and ssl-key identifies the server private key.
On the slave you can specify in the [client] section of the my.cnf or my.ini file the following options. Restart the server with the --skip-slave-start option to prevent the slave from connecting to the master. Then run the subsequent statements below.

[client]
ssl-ca=cacert.pem
ssl-cert=client-cert.pem
ssl-key=client-key.pem

CHANGE MASTER TO
       MASTER_HOST='master_hostname',
       MASTER_USER='replicate',
       MASTER_PASSWORD='password',
       MASTER_SSL=1;
START SLAVE;

CHANGE MASTER TO
       MASTER_HOST='master_hostname',
       MASTER_USER='replicate',
       MASTER_PASSWORD='password',
       MASTER_SSL=1;
START SLAVE;

Alternatively, you can specify the certificate and the keys in the CHANGE MASTER statement:

CHANGE MASTER TO
       MASTER_HOST='master_hostname',
       MASTER_USER='replicate',
       MASTER_PASSWORD='password',
       MASTER_SSL=1,
       MASTER_SSL_CA = 'ca_file_name',
       MASTER_SSL_CAPATH = 'ca_directory_name',
       MASTER_SSL_CERT = 'cert_file_name',
       MASTER_SSL_KEY = 'key_file_name';
START SLAVE;

CHANGE MASTER TO
       MASTER_HOST='master_hostname',
       MASTER_USER='replicate',
       MASTER_PASSWORD='password',
       MASTER_SSL=1,
       MASTER_SSL_CA = 'ca_file_name',
       MASTER_SSL_CAPATH = 'ca_directory_name',
       MASTER_SSL_CERT = 'cert_file_name',
       MASTER_SSL_KEY = 'key_file_name';
START SLAVE;

Setting Up	<<<	HOME PAGE	>>>	Replication with GTIDs
last update: 16 Jun 2024

MENU

Using SSL