Managing SSL certificates for MySQL can be somewhat of a pain,
especially when setting it up on multiple machines.
I looked around on the web, and didn’t really run into any
mentions of how to do this for multiple machines, so I dug into
it a bit more.
If you’ve created the certificates before, you’ll know you get
prompted for various bits of information during a couple of the
steps (country, state, email).
However, this can be by-passed by using the -batch option with
the openssl command.
So, to set this up for multiple servers, just loop through the
following 5 commands for your servers:
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -batch -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 3600 -batch -nodes -keyout server-key.pem >
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem
-CAkey …[Read more]