MySQL – Do I need client certs for MySQL SSL replication?

MySQL, replication, ssl

I'm setting up MySQL replication using SSL, and have found two different guides.

The first one creates both client and server certs, while the second one only creates server certs.

I don't know enough about SSL to understand the implication of one option over the other. Should the slave be using the client certs or the server certs?

Best Answer

No, you don't need client certificates if you only want to encrypt the connection.

But, if you have client certificates, the master can authenticate the slave using the much more secure public/private keys (in addition to the password).

I got pretty frustrated with the other guides, so I put together a very comprehensive step-by-step guide to setting up encrypted replication. It shows both what's the minimum required to get encryption running, and how to use certs on both sides to beef up authentication. http://mysql.wingtiplabs.com/documentation/ssl27yzv/encrypt-replication-traffic
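
The two setups the answer distinguishes, side by side, as an added example that is not part of the original answer or the linked guide. Host names, account names, file paths and the password are placeholders; the syntax assumes MySQL 5.7 or 8.0, where `CHANGE MASTER TO` is still accepted.

```sql
-- Option A: encryption only. Only the master has a certificate.
-- On the master: the replication account must connect over TLS,
-- but is still authenticated by password alone.
CREATE USER 'repl_enc'@'replica.example.internal'
  IDENTIFIED BY '<replication-password>'
  REQUIRE SSL;
GRANT REPLICATION SLAVE ON *.* TO 'repl_enc'@'replica.example.internal';

-- On the slave: trust the CA that signed the master's certificate.
-- MASTER_SSL_VERIFY_SERVER_CERT makes the slave check that the
-- certificate's host name matches MASTER_HOST.
CHANGE MASTER TO
  MASTER_HOST = 'master.example.internal',
  MASTER_USER = 'repl_enc',
  MASTER_PASSWORD = '<replication-password>',
  MASTER_SSL = 1,
  MASTER_SSL_CA = '/etc/mysql/ssl/ca.pem',
  MASTER_SSL_VERIFY_SERVER_CERT = 1;

-- Option B: encryption plus client-certificate authentication.
-- On the master: REQUIRE X509 rejects the login unless the slave
-- presents a certificate signed by a CA the master trusts
-- (the ssl-ca setting in the master's my.cnf), in addition to the password.
CREATE USER 'repl_x509'@'replica.example.internal'
  IDENTIFIED BY '<replication-password>'
  REQUIRE X509;
GRANT REPLICATION SLAVE ON *.* TO 'repl_x509'@'replica.example.internal';

-- On the slave: present the client certificate and its private key.
CHANGE MASTER TO
  MASTER_HOST = 'master.example.internal',
  MASTER_USER = 'repl_x509',
  MASTER_PASSWORD = '<replication-password>',
  MASTER_SSL = 1,
  MASTER_SSL_CA = '/etc/mysql/ssl/ca.pem',
  MASTER_SSL_CERT = '/etc/mysql/ssl/client-cert.pem',
  MASTER_SSL_KEY = '/etc/mysql/ssl/client-key.pem',
  MASTER_SSL_VERIFY_SERVER_CERT = 1;

-- On the slave, after START SLAVE: Master_SSL_Allowed should read Yes,
-- and Master_SSL_Cert / Master_SSL_Key show the paths used in option B.
SHOW SLAVE STATUS;
```

In option A the slave uses no certificate of its own, only the CA file to verify the master; in option B it uses the client certificate and key, never the server's.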