Index | Prev | Next

Preparing a secure MySQL database

Data encryption server authentication are important aspects of secure communication.
Prerequisites: You downloaded MySQL, set up a database, created a separate unique user (not root), and assigned a password. MySQL Workbench is open.

MySQL refers to the secure communication as SSL (Secure Socket Layer). While this term is still used, the actual technology is now TLS (Transport Layer Security). Recent MySQL program files default to TLS (SSL) support. Older versions, such as version 5.7 offer secure communication, but do not enable it by default.

This procedure sets configures a MySQL database and the database user to require secure communication.

Perform the following steps:
  1. To confirm that MySQL version 8.0 defaults to secure communication, click Database > Manage Server Connections in MySQL Workbench, click the SSL tab and confirm that Use SSL is configured to enable secure communication.
    MySQL version 8.0 defaults to If available, which means that it supports TLS.
  2. To confirm that an earlier version of MySQL is configured for secure communication, use the Windows Command Prompt.
    1. Change directories to C:\Program Files\MySQL\MySQL Server n.n\bin (replace n.n with the MySQL version number).
    2. Run this command to open the MySQL Console: mysql -uname -p (replace name with your MySQL user name).

      C:\Program Files\MySQL\MySQL Server 5.7\bin>mysql —uentsecuser —p

    3. Enter your password.
      The MySQL Console opens.

      Enter password: **********

      Welcome to the MySQL monitor. ... etc.

    4. From within the console, run this command: mysql> show global variables like ‘%ssl%’;.
      The monitor displays a table of variables.
    5. Confirm that value of have openssl is YES and the value of have ssl is YES
      “YES” mean that the database is configured for secure communication.
  3. If MySQL does not default to secure communication, either use MySQL Workbench to enable SSL or download a more recent version.
  4. To update a MySQL user to require secure communication, enter these commands at the Command Prompt:
    mysql> UPDATE mysql.user SET ssl type = ‘ANY’; where user is the name of a user you created in MySQL Workbench.

    mysql> FLUSH PRIVILEGES;

The database is ready for you to install a client and the CA root certificates.

Related Links

  • Using OpenSSL to create certificates
  • System security (Parent Topic)

    • Index | Prev | Next