Bug #84527 | MySQL auto generates ssl certificates even if compiled against YaSSL | | |
---|---|---|---|
Submitted: | 17 Jan 2017 8:34 | Modified: | 14 Feb 2017 14:30 |
Reporter: | Daniël van Eeden (OCA) | | |
Status: | Closed | | |
Category: | MySQL Server: Documentation | Severity: | S3 (Non-critical) |
Version: | 5.7.15, 5.7.17 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | SSL | | |
[17 Jan 2017 8:34]
Daniël van Eeden
[17 Jan 2017 9:52]
MySQL Verification Team
Hello Daniël, Thank you for the report and feedback! Thanks, Umesh
[17 Jan 2017 11:19]
Terje Røsten
It's the initscripts which generate the certs: https://github.com/mysql/mysql-server/blob/5.7/packaging/rpm-oel/mysql.init#L120

And this is already documented here: http://dev.mysql.com/doc/refman/5.7/en/linux-installation-rpm.html

At the initial start up of the server, the following happens, given that the data directory of the server is empty:

* The server is initialized.
* An SSL certificate and key files are generated in the data directory.
* The validate_password plugin is installed and enabled.
* A superuser account 'root'@'localhost' is created.
[17 Jan 2017 12:38]
Daniël van Eeden
@Terje Thanks for the explanation.

I do think at least some info about that should be added to https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

And it looks like there isn't an auto_generate_certs=OFF-like setting for that. Created https://bugs.mysql.com/bug.php?id=84531 for that.
[14 Feb 2017 14:30]
Paul DuBois
Posted by developer:

Update to https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-rsa-files-using-mysql.html

MySQL provides two ways to create the SSL certificate and key files and RSA key-pair files required to support secure connections using SSL and secure password exchange using RSA over unencrypted connections, if those files are missing:

* The server can autogenerate these files at startup, for MySQL distributions compiled using OpenSSL.
* Users can invoke the mysql_ssl_rsa_setup utility manually.

For some distribution types, such as RPM packages, mysql_ssl_rsa_setup invocation occurs during data directory initialization. In this case, the MySQL distribution need not have been compiled using OpenSSL as long as the openssl command is available.
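
The following is an added example, not part of the bug thread and not MySQL's own code: a data-directory audit that reports which of the files created by server autogeneration or mysql_ssl_rsa_setup are present, whether a certificate carries the `Auto_Generated` marker MySQL puts in the Common Name of generated certificates, and whether private key files are readable by group or others. The function names are hypothetical, the file names are the MySQL 5.7 defaults, and the data directory path is passed as an argument.

```shell
#!/bin/sh
# Added example (not MySQL code): audit a data directory for the files that
# server autogeneration or mysql_ssl_rsa_setup creates.
SSL_FILES="ca.pem ca-key.pem server-cert.pem server-key.pem client-cert.pem client-key.pem"
RSA_FILES="private_key.pem public_key.pem"

# cert_origin FILE: print auto-generated, custom, or unknown.
# Generated certificates carry "Auto_Generated" in their Common Name.
cert_origin() {
    command -v openssl >/dev/null 2>&1 || { echo unknown; return 0; }
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || { echo unknown; return 0; }
    case $subj in
        *Auto_Generated*) echo auto-generated ;;
        *) echo custom ;;
    esac
}

# key_perms FILE: print ok when group and others have no access,
# otherwise loose-permissions.
key_perms() {
    mode=$(ls -ldL "$1" | cut -c5-10)
    if [ "$mode" = "------" ]; then echo ok; else echo loose-permissions; fi
}

# audit_datadir DIR: print one "<file> <finding>" line per expected file.
audit_datadir() {
    for f in $SSL_FILES $RSA_FILES; do
        p="$1/$f"
        if [ ! -e "$p" ]; then echo "$f missing"; continue; fi
        case $f in
            public_key.pem) echo "$f present" ;;
            *key.pem)       echo "$f $(key_perms "$p")" ;;
            *)              echo "$f $(cert_origin "$p")" ;;
        esac
    done
}

# Run against a directory only when one is passed on the command line.
if [ $# -gt 0 ]; then audit_datadir "$1"; fi
```

A certificate reported as `unknown` means the openssl command is not installed or the file could not be parsed as a certificate.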