rm -rf 88623 bin/mysqld --initialize-insecure --basedir=$PWD --datadir=$PWD/88623 bin/mysqld --no-defaults --basedir=$PWD --datadir=$PWD/88623 --core-file --socket=/tmp/mysql_ushastry.sock --port=3306 --log-error=$PWD/88623/log.err 2>&1 & [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20: bin/mysql_ssl_rsa_setup --datadir=88623/ Generating a 2048 bit RSA private key .........................+++ ......................+++ writing new private key to 'ca-key.pem' ----- Generating a 2048 bit RSA private key ...............................+++ ..................+++ writing new private key to 'server-key.pem' ----- Generating a 2048 bit RSA private key .........+++ ........+++ writing new private key to 'client-key.pem' ----- [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20: ls -l 88623/*.pem -rw------- 1 umshastr common 1679 Nov 28 12:10 88623/ca-key.pem -rw-r--r-- 1 umshastr common 1107 Nov 28 12:10 88623/ca.pem -rw-r--r-- 1 umshastr common 1107 Nov 28 12:10 88623/client-cert.pem -rw------- 1 umshastr common 1679 Nov 28 12:10 88623/client-key.pem -rw------- 1 umshastr common 1675 Nov 28 12:10 88623/private_key.pem -rw-r--r-- 1 umshastr common 451 Nov 28 12:10 88623/public_key.pem -rw-r--r-- 1 umshastr common 1107 Nov 28 12:10 88623/server-cert.pem -rw------- 1 umshastr common 1675 Nov 28 12:10 88623/server-key.pem [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20/88623: for l in $(&1 & mysql> show variables like 'have%ssl'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_openssl | YES | | have_ssl | YES | +---------------+-------+ 2 rows in set (0.00 sec) mysql> create user 'ushastry'@'localhost'; Query OK, 0 rows affected (0.00 sec) mysql> grant all on *.* to 'ushastry'@'localhost' REQUIRE SSL; Query OK, 0 rows affected, 1 warning (0.00 sec) [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20: bin/mysql -uushastry -hlocalhost --protocol=tcp --ssl-ca=88623/ca.pem --ssl-cert=88623/client-cert.pem --ssl-key=88623/client-key.pem Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4 Server version: 5.7.20 MySQL Community Server (GPL) Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> \s -------------- bin/mysql Ver 14.14 Distrib 5.7.20, for linux-glibc2.12 (x86_64) using EditLine wrapper Connection id: 4 Current database: Current user: ushastry@localhost SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: more Using outfile: '' Using delimiter: ; Server version: 5.7.20 MySQL Community Server (GPL) Protocol version: 10 Connection: localhost via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 12 sec Threads: 1 Questions: 8 Slow queries: 0 Opens: 105 Flush tables: 1 Open tables: 98 Queries per second avg: 0.666 -------------- ### Split Server-Cert file [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20/88623: openssl x509 -in server-cert.pem -out rfc.crt [umshastr@hod03]/export/umesh/server/binaries/GABuilds/mysql-5.7.20/88623: for l in $( \s -------------- bin/mysql Ver 14.14 Distrib 5.7.20, for linux-glibc2.12 (x86_64) using EditLine wrapper Connection id: 4 Current database: Current user: ushastry@localhost SSL: Cipher in use is DHE-RSA-AES256-SHA Current pager: more Using outfile: '' Using delimiter: ; Server version: 5.7.20 MySQL Community Server (GPL) Protocol version: 10 Connection: localhost via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 12 sec Threads: 1 Questions: 8 Slow queries: 0 Opens: 105 Flush tables: 1 Open tables: 98 Queries per second avg: 0.666 --------------