How to Configure MariaDB SSL Connection
Bytebase - Database CI/CD and Security at Scale
Leading open source database DevSecOps solution for Developer, Security, DBA, and Platform Engineering team.
Originally posted in https://www.bytebase.com/reference/mariadb/how-to/how-to-configure-mariadb-ssl-connection/
Hi and welcome to Database DevOps Academy #95! We share Database DevOps insights and best practices for modern engineering organizations weekly. 🍗
In Issue #94, we guide you through the process of configuring MariaDB SSL connection using self-signed certificates. 🐱
This tutorial shows you how to configure MariaDB SSL connection using self-signed certificates. You'll learn to:
Generate SSL certificates (CA, server, client)
Configure MariaDB server for SSL
Test SSL connections from clients
Prerequisites
Ensure you have MariaDB and OpenSSL installed.
Generate SSL Related Files
OpenSSL Config
Set up the configuration file:
Replace ` with your actual server IP address. You can find it with ` or `.
Generate Certificates
Generate Root CA key and certificate:
Generate Server key and certificate:
Replace YOUR_SERVER_IP with your real server IP.
Generate Client key and certificate:
Configure MariaDB Server
Copy SSL files and set permissions:
For macOS (Homebrew):
For Linux systems:
Edit MariaDB configuration file:
Add SSL configuration:
For macOS (Apple Silicon):
For macOS (Intel):
For Linux systems:
Restart MariaDB:
Test SSL Connection
So that you'll be entering MariaDB CLI. You can also verify remote connection by replacing the ` above with your server IP to connect. Check your SSL connection with:
Seeing something like `, so that the SSL connection is ready.
Or use command
You'll see something like:
Summary
You have successfully configured SSL for MariaDB:
Generated CA, server, and client certificates
Configured MariaDB with SSL settings
Tested secure connections from clients
Your MariaDB server now accepts encrypted connections only.