MySQL Master-Slave replication with SSL

Published on Author adminLeave a comment

logo-mysql-110x57

To protect data while it is transferred throughout the Internet can be done using SSL. For example if you need to replicate mysql data from one datacenter to another.

This is the instruction how to setup MySQL master-slave replication with ssl.

1. Create the root key:

2. Create the root certificate:

Running the command above we need to answer several questions. e.g.:

3. Create a certificate for MASTER server and sign it with the root certificate generated above(steps 1-2):

4. Create a certificate for SLAVE and sign it with the root certificate generated above(steps 1-2):

5. Upload to the MASTER server files ca-cert.pem, db1-cert.pem, db1-key.pem to the /etc/mysql/openssl:
6. At the MASTER server edit my.cnf. Append mysqld section with:

7. On the MASTER server create a user for replication:

8. Upload to the SLAVE server files ca-cert.pem, db2-cert.pem, db2-key.pem to the /etc/mysql/openssl:
9. On the SLAVE server edit my.cnf. Define the database to replicate. e.g. database1:

10. On the SLAVE server execute CHANGE MASTER TO:

11. Start Replication(on the SLAVE server)

12. Check replication status(on the SLAVE server):

That’s it!

P.S. This article doesn’t cover whole replication setup. It describes the part where ssl is used.