MySQL 5.7 enforce SSL

certificate, encryption, MySQL, ssl

I'm using MySQL 5.7 and I want to set up SSL to force the client to use a cert.
This cert is a self-signed cert that I generate.
I have the cert for both server and client being:
– CA
– cert
– key

Where the CA has the cert for server and client.
I then configured the config file (mysqld.conf) to use the cert:

[mysqld]
ssl
ssl-ca=/database/mysql/ssl/ca-cert.pem
ssl-cert=/database/mysql/ssl/master-public.pem
ssl-key=/database/mysql/ssl/master-private.pem

And run the command to enforce it:

GRANT ALL PRIVILEGES ON `database` TO 'user'@'192.168.10.10' IDENTIFIED BY 'password' REQUIRE SSL;

I can see SSL is enabled and it's picking up the right files running the command:

SHOW VARIABLES LIKE '%ssl%';

However, from the client machine (192.168.10.10 in this example) I can connect via command line without specifying any cert and it just connects.
I can see the connection is using SSL with:

mysql> \s
SSL:            Cipher in use is DHE-RSA-AES256-SHA

But the idea is to allow the connection only if I use the certs.
Is there a way to enforce it to make sure it won't connect without specifying the cert?
So I can configure the application to use it and make sure other applications wouldn't access it.

Best Answer

That would REQUIRE ISSUER in your user definition.
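
The following is an added example, not part of the original question or answer. It shows the MySQL 5.7 `REQUIRE` options that demand a client certificate, and how to check what an account currently enforces. The account name and host come from the question; the issuer and subject strings are constructed placeholders to be replaced with the values from your own certificates.

```sql
-- REQUIRE SSL (as used in the question) only demands an encrypted channel.
-- The client does not have to present a certificate, which is why a plain
-- command-line connection from 192.168.10.10 is still accepted.

-- Option 1: require a client certificate that validates against the CA
-- the server trusts (the ssl-ca file in the [mysqld] section).
ALTER USER 'user'@'192.168.10.10' REQUIRE X509;

-- Option 2: also pin the CA that issued the client certificate.
-- The DN below is a constructed placeholder.
ALTER USER 'user'@'192.168.10.10'
  REQUIRE ISSUER '/C=XX/O=Example Org/CN=Example CA';

-- Option 3: pin both the issuer and the subject, so that only one specific
-- client certificate is accepted for this account (placeholder DNs).
ALTER USER 'user'@'192.168.10.10'
  REQUIRE ISSUER '/C=XX/O=Example Org/CN=Example CA'
      AND SUBJECT '/C=XX/O=Example Org/CN=app-client';

-- Each statement above replaces the account's previous REQUIRE setting;
-- run only the one you want.

-- Check what the account enforces. ssl_type is 'ANY' for REQUIRE SSL,
-- 'X509' for REQUIRE X509 and 'SPECIFIED' for ISSUER / SUBJECT / CIPHER.
SELECT user, host, ssl_type,
       CONVERT(x509_issuer  USING utf8) AS issuer,
       CONVERT(x509_subject USING utf8) AS subject
FROM mysql.user
WHERE user = 'user' AND host = '192.168.10.10';

-- From a client session: a non-empty value means the connection is encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

With any of these in place, the client has to pass `--ssl-cert` and `--ssl-key` (and normally `--ssl-ca`) to connect; a connection attempt without them is rejected with an access-denied error.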