
MySQL に ssl 認証で接続

Last updated at Posted at 2021-01-28

次のファイルがあるフォルダーで実行します。

client-cert.pem
client-key.pem
server-ca.pem

コマンド

ssl_connect.sh
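# Connection settings. These are the article's sample values; do not keep
# real credentials in a script that is shared or committed.
host="example.com"
user="scott"
pass="secret"
#
# Open a TLS connection that presents client-cert.pem / client-key.pem and
# validates the server certificate against server-ca.pem.
#
# --ssl-mode=VERIFY_CA states the required verification level explicitly
# instead of relying on the client's default (needs a MySQL client that
# supports --ssl-mode, i.e. 5.7.11 or later). Use VERIFY_IDENTITY as well
# when the server certificate carries the host name you connect to.
#
# NOTE(review): a password given as an argument can be read by other local
# users from the process list. For real use pass --password with no value
# to be prompted, or use an option file with restrictive permissions.
#
# The variables are quoted so that values containing spaces or glob
# characters reach mysql as a single argument.
mysql --ssl-mode=VERIFY_CA \
        --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem \
        --ssl-key=client-key.pem \
        --host="${host}" --user="${user}" --password="${pass}"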

Python3

show_tables.py
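#! /usr/bin/python
#
#	show_tables.py
#
#						Jan/28/2021
#
# Connects to MySQL over TLS with a client certificate and prints every
# row returned by "show tables".
import pymysql.cursors
#
# Sample values from the article. Load real credentials from the
# environment or a protected configuration file instead of the source.
host_aa='example.com'
user_aa='scott'
pass_aa='secret'
db_aa='dbfirst'
#
# 'ca' is the CA bundle used to validate the server certificate; 'cert' and
# 'key' are the client certificate presented to the server.
#
# NOTE(review): 'check_hostname': False turns off the comparison between the
# certificate name and `host`, so any certificate issued by the same CA is
# accepted. Keep it only when the server certificate really is issued under
# a different name, and prefer True otherwise. Confirm against your PyMySQL
# version that the chain is still validated against 'ca' in this mode.
connection = pymysql.connect(host=host_aa,
    user=user_aa,
    password=pass_aa,
    db=db_aa,
    charset='utf8',
    cursorclass=pymysql.cursors.DictCursor,
    ssl={'key': './client-key.pem', 'cert': './client-cert.pem', 'ca': './server-ca.pem','check_hostname': False})
try:
    # The cursor is closed when the with-block exits, even on an error.
    with connection.cursor() as cursor:
        cursor.execute("show tables")
        for rr in cursor.fetchall():
            print(rr)
finally:
    # Always release the connection, including when the query raises.
    connection.close()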

Node.js

show_tables.js
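#! /usr/bin/node
// ---------------------------------------------------------------
//	show_tables.js
//
//					Jan/28/2021
//
//	Connects to MySQL over TLS with a client certificate, prints the
//	number of rows returned by "show tables" and then each row.
// ---------------------------------------------------------------
'use strict';

const fs = require('fs');
// ---------------------------------------------------------------
console.error('*** 開始 ***');

const mysql = require('mysql');

// Sample credentials from the article; load real ones from the
// environment or a protected configuration file.
const connection = mysql.createConnection({
  host: 'example.com',
  user: 'scott',
  password: 'secret',
  database: 'dbfirst',
  ssl: {
    // CA used to validate the server certificate.
    ca: fs.readFileSync('./server-ca.pem'),
    // Client key and certificate presented to the server.
    key: fs.readFileSync('./client-key.pem'),
    cert: fs.readFileSync('./client-cert.pem'),
    // Stated explicitly so the connection is refused when the server
    // certificate does not validate against `ca`; never set to false
    // outside a throwaway test.
    rejectUnauthorized: true,
  },
});

connection.query('show tables', (err, rows) => {
  if (err) {
    // Drop the socket before failing so the error path does not leave
    // the connection open.
    connection.destroy();
    throw err;
  }
  console.log(rows.length);

  for (const row of rows) {
    console.log(row);
  }

  connection.end();
  console.error('*** 終了 ***');
});

// ---------------------------------------------------------------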

Go

show_tables.go
// ----------------------------------------------------------------
//
//	show_tables.go
//
//					Jan/29/2021
//
// ----------------------------------------------------------------
package main

import (
	"crypto/tls"
	"crypto/x509"
	"database/sql"
	"fmt"
	"log"
	"os"

	"github.com/go-sql-driver/mysql"
)

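// main connects to MySQL over TLS with a client certificate and prints the
// name of every table returned by "show tables".
func main() {
	fmt.Fprintf(os.Stderr, "*** 開始 ***\n")

	// Trust only the CA that issued the server certificate. Without RootCAs
	// and with InsecureSkipVerify set, any certificate would be accepted and
	// the TLS session would give no assurance about who the peer is.
	caPEM, err := os.ReadFile("./server-ca.pem")
	if err != nil {
		log.Fatal(err)
	}
	rootCAs := x509.NewCertPool()
	if !rootCAs.AppendCertsFromPEM(caPEM) {
		log.Fatal("no CA certificate found in ./server-ca.pem")
	}

	// Client certificate and key presented to the server.
	cert, err := tls.LoadX509KeyPair("./client-cert.pem", "./client-key.pem")
	if err != nil {
		log.Fatal(err)
	}
	clientCert := []tls.Certificate{cert}

	// With verification enabled the server certificate must also match the
	// server name. If it was issued under a different name than the DSN
	// host, set ServerName to that name instead of disabling verification.
	err = mysql.RegisterTLSConfig("custom", &tls.Config{
		RootCAs:      rootCAs,
		Certificates: clientCert,
	})
	if err != nil {
		log.Fatal(err)
	}

	// Sample credentials from the article; load real ones from the
	// environment or a protected configuration file.
	db, err := sql.Open("mysql", "scott:secret@tcp(example.com:3306)/dbfirst?tls=custom")
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	// sql.Open does not connect; Ping forces the TLS handshake and login.
	if err := db.Ping(); err != nil {
		log.Fatal(err)
	}

	sqlStr := "show tables"
	rows, err := db.Query(sqlStr)
	if err != nil {
		// rows is nil on error, so stop here rather than reach rows.Close().
		log.Fatal(err)
	}
	defer rows.Close()

	for rows.Next() {
		var name string
		if err := rows.Scan(&name); err != nil {
			log.Fatal(err)
		}
		fmt.Printf("%s\n", name)
	}

	// Report an error that ended the iteration early.
	if err := rows.Err(); err != nil {
		log.Fatal(err)
	}

	fmt.Fprintf(os.Stderr, "*** 終了 ***\n")
}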

// ----------------------------------------------------------------

参考ページ
MySQLでクライアント証明書を使う
