LoginSignup
2
3

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@PeranikovinMercari

GoでMySQLにCA証明書を使ってアクセスする

Posted at

このようにすれば接続できる。

package main

import (
	"crypto/tls"
	"crypto/x509"
	"database/sql"
	"errors"
	"io/ioutil"

	"github.com/go-sql-driver/mysql"
)

func registerTlsConfig(pemPath, tlsConfigKey string) (err error) {
	caCertPool := x509.NewCertPool()
	pem, err := ioutil.ReadFile(pemPath)
	if err != nil {
		return
	}

	if ok := caCertPool.AppendCertsFromPEM(pem); !ok {
		return errors.New("Failed to append PEM.")
	}
	mysql.RegisterTLSConfig(tlsConfigKey, &tls.Config{
		ClientCAs:          caCertPool,
		InsecureSkipVerify: true, // 必要に応じて
	})

	return
}


func main() {
  registerTlsConfig("/path/client-ca.pem", "custom")
  if err != nil {
    panic(err)
  }
  db, err := sql.Open("mysql", "user:password@tcp(127.0.0.1:3306)/database?tls=custom")
}

解説

go-sql-driver/mysqlのRegisterTLSConfigにRootCAとキーペアを使用して接続するサンプルコードがある。今回はこれを修正してCA証明書を用いてMySQLにアクセスできるようにした。

2
3
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
2
3

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?