SSL with MySQL does not have to be complicated

I've blogged before about how complicated setting up SSL with MySQL can be. Since then many bugs have been fixed related to SSL.

But still many people are using unencrypted connections for replication and client connections.

This could be because of possible performance degradation. But then it could be used for only the admin connections.

It could also be because they already use SSH or VPN.

But for many it's because they think it's complicated. This is not necessary. I've created mysslgen which makes it easier to setup SSL. Just run and then the CA, server and client certificates and keys will be generated for you. The most difficult part it to get python 3.3 or python 2.7 to run on CentOS/RHEL/OEL 6.
If you think SSL should be part of the default MySQL installation, then click the 'Affects me' button for Bug #70734.

During the creation of mysslgen I found out MySQL fails to load private keys if they are in PKCS#8 format (Bug #71271). So, be careful if you create the private keys yourself!

With SSL enabled it should be easier to grant users the permission to use MySQL for Excel, MySQL with LibreOffice or any other desktop tool with a MySQL feature.