Secure your MariaDB connections using SSL/TLS to encrypt data in transit, enhancing the security of your database interactions. This guide walks through the process of generating self-signed certificates, configuring MariaDB for SSL/TLS, and enforcing SSL connections.
Prepare Certificate Storage
mkdir /var/lib/mysql/pki
cp /etc/pki/tls/certs/{server.crt,server.key} /var/lib/mysql/pki/
chown -R mysql. /var/lib/mysql/pki
Update MariaDB Configuration
[mysqld]
ssl-cert=/var/lib/mysql/pki/server.crt
ssl-key=/var/lib/mysql/pki/server.key
systemctl restart mariadb
Check SSL/TLS Configuration in MariaDB
SHOW VARIABLES LIKE '%ssl%';
have_ssl and have_openssl are set to YES, and the paths to your certificates are correctly listed.Testing SSL Connection
--ssl option to enforce an SSL connection:mysql --ssl
SHOW STATUS LIKE 'ssl_cipher';
CREATE USER 'redhat'@'%' IDENTIFIED BY 'password' REQUIRE SSL;
GRANT USAGE ON *.* TO 'cent'@'%' REQUIRE SSL;
SELECT user, host, ssl_type FROM mysql.user;
ssl_type set to ANY.