Using SSL with MySQL

If you ever make remote connections to a MySQL database, it’s extremely important to connect over SSL. Otherwise, you run the risk of someone seeing data in transit, modifying data in transit, or, worst of all, stealing your credentials. This could be an utter disaster.

Unfortunately, getting MySQL to use SSL is kind of complicated. Here’s how to do it.

Make Sure SSL is Enabled

First, make sure your installation of MySQL supports SSL. Using phpMyAdmin, a MySQL command-line prompt, or whatever you prefer, run this command:

You should get a result looking something like this:

If you see “DISABLED” next to “have_openssl” and “have_ssl”, great – that means that your copy of MySQL supports SSL. If you see “NO”, you need to recompile or reinstall MySQL. If you see “YES”, you’re already done!

Create SSL Certificates

Now, you need to create some SSL certificates. Go to wherever you want to store them (I’d suggest something like /home/mysql/certs) and run the following commands:

Enter information as needed at the prompts. This will create self-signed client and server keys for you to use. The last two lines are very important! OpenSSL versions 1.0 and newer create keys in the PKCS #8 format, but MySQL expects them to be in the PKCS #1 format, so you have to run these commands to convert the keys we just created. You can read more about that problem in this Ask Ubuntu question: Enabling SSL in MySQL.

Tell MySQL to Use the Certificates

Edit your my.cnf file (probably at /etc/my.cnf) to include the following entries:

(If you used a directory other than /home/mysql/certs above, use it in the entries here.) If your my.cnf file already has mysqld and/or client sections, just add the appropriate entries to those sections.

Restart MySQL. The command varies by system, but will usually be something like service mysql restart.

Test It

Run this command again:

You should see something like this:

If so, congratulations! You’re done! If not, you might find the post Debugging MySQL SSL Problems on the Percona blog helpful.
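The whole procedure above, collected into one shell script as an added example; it is not the original commands from this post. The file names (ca-cert.pem, server-key.pem and so on), the certificate subjects and the helper function names are assumptions, and the script also handles OpenSSL 3.x, where `openssl rsa` only writes PKCS #1 when given `-traditional`.

```shell
#!/bin/sh
# Added example: names and certificate subjects below are assumptions.
CERT_DIR="${CERT_DIR:-/home/mysql/certs}"

# Classify a PEM private key by its first line.
key_format() {
  case "$(head -n 1 "$1")" in
    "-----BEGIN RSA PRIVATE KEY-----") echo pkcs1 ;;
    "-----BEGIN PRIVATE KEY-----")     echo pkcs8 ;;
    *)                                 echo unknown ;;
  esac
}

# Rewrite a key as PKCS #1 unless it already is. OpenSSL 3.x needs
# -traditional; older releases reject that flag and emit PKCS #1 by default.
to_pkcs1() {
  [ "$(key_format "$1")" = pkcs1 ] && return 0
  openssl rsa -traditional -in "$1" -out "$1.tmp" 2>/dev/null ||
    openssl rsa -in "$1" -out "$1.tmp" || return 1
  mv "$1.tmp" "$1" && [ "$(key_format "$1")" = pkcs1 ]
}

# Create a CA plus server and client key pairs signed by it.
# The account running mysqld must be able to read the resulting directory.
make_certs() {
  ( umask 077; mkdir -p "$1" && cd "$1" || exit 1
    openssl genrsa -out ca-key.pem 2048 &&
    openssl req -new -x509 -nodes -days 3650 -key ca-key.pem \
      -subj "/CN=example-mysql-ca" -out ca-cert.pem || exit 1
    for role in server client; do
      # The subject must differ from the CA's, or verification fails.
      openssl req -newkey rsa:2048 -nodes -subj "/CN=example-mysql-$role" \
        -keyout "$role-key.pem" -out "$role-req.pem" &&
      openssl x509 -req -in "$role-req.pem" -days 3650 -CA ca-cert.pem \
        -CAkey ca-key.pem -CAcreateserial -out "$role-cert.pem" &&
      to_pkcs1 "$role-key.pem" || exit 1
    done
    openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem )
}

# Print the my.cnf entries for the given certificate directory.
mysql_ssl_conf() {
  printf '[mysqld]\nssl-ca=%s/ca-cert.pem\nssl-cert=%s/server-cert.pem\nssl-key=%s/server-key.pem\n\n' "$1" "$1" "$1"
  printf '[client]\nssl-ca=%s/ca-cert.pem\nssl-cert=%s/client-cert.pem\nssl-key=%s/client-key.pem\n' "$1" "$1" "$1"
}

if [ "${1:-}" = "--run" ]; then
  make_certs "$CERT_DIR" && mysql_ssl_conf "$CERT_DIR"
  # Then restart MySQL and run: mysql -e "SHOW VARIABLES LIKE '%ssl%'; SHOW STATUS LIKE 'Ssl_cipher'"
fi
```

Run it with `--run` to generate the certificates and print the my.cnf entries; a non-empty `Ssl_cipher` value in the final check confirms the session itself is encrypted.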

Have you had problems with MySQL over SSL? Let me know in the comments! I’ll try to help you out!

Stack Overflow Moderator Elections, Part III

As I posted here and again here, I stood for election as a moderator on Stack Overflow this year. While I was not elected, I made it much further than I expected and finished in sixth place out of 32 nominees, 30 primary candidates, and 10 general-election candidates.

Stack Overflow is an amazing site, and the moderators have a tremendous responsibility. The candidates elected are all excellent choices who I know are already making the site even better. That said, I greatly appreciate the thousands of people who cast a vote for me, and I am deeply humbled that so many people thought of me as a good choice for the role. Thank you.

Stack Overflow Moderator Elections, Part II

In case you missed my first post on this topic, I am a candidate in the 2015 Stack Overflow moderator elections. I made it through the nomination phase (32 candidates) and primary (30 candidates), and now I’m in the general election with only 10 candidates for 3 spots remaining! I am extremely honored and humbled to have received so many votes in the primary phase, especially with so many amazing candidates. Thank you to all who supported me!

I would really appreciate your vote in the general election! I would also urge you to vote for Martijn Pieters and meager, though I don’t think you can go wrong with anyone in this amazing group.

Larry Niven Programming Quote

Please remember to read all of the remaining candidates’ nomination comments and candidate questionnaire answers.

4 Lessons from Moving

Well, it has been about a month since we moved, so it’s time for me to share a few thoughts about it.

You Need Professionals. Moving is a huge pain. So are the processes of selling and buying houses. You know that. I know that. But there are people out there who refuse to let it get them down. We worked with some amazing people. Our real estate agent and mortgage broker made an awesome team and headed off a potential disaster when one of the other parties involved ran into problems. Our movers were similarly, awesomely efficient and professional. If you are looking to move in the Houston, Texas area, give me a shout; I would love to recommend them to you.

Keys Were Everywhere. One of the biggest surprises for me was just how many unidentified keys we had floating around. When I was a little kid, I thought old keys were awesome. Now, they are just unrecognized but potentially important clutter, the worst kind of tchotchke. My solution: henceforth, every key we own gets cataloged in Evernote, with a photo, a description of what it does, and, if we have multiple copies, both the number of copies and where they are stored.

Paper Was Everywhere. We also have a veritable sea of paper floating around. The solution to this is easy: go paperless. The best way to do this, hands down, is the Fujitsu ScanSnap iX500 Deluxe Bundle Scanner for PC. It includes the Fujitsu ScanSnap iX500 scanner, which is incredibly fast, accurate, flexible, and user-friendly, as well as a full copy of Adobe Acrobat (Standard). It has already helped us digitize a tremendous amount of paper, with more to follow. Of course, Evernote is indispensable for this task, too.

You Need a Budget. Finally, of course, You Need a Budget (affectionately known as YNAB), about which I’ve written before, was also indispensable for the budgeting and money-management side of things.

Disclaimer: the Evernote, YNAB, and Amazon links in this post are affiliate links. I may receive site credits or a portion of the sale for purchases and registrations made through those links.