Do NOT use mysql SSL in a production environment.
Yes, I have done it. No, you do not want to.
It can be made to work. It is not stable. You will wake up one day
wondering why mysql connections are dying. You will google the error
messages and find all sorts of info on MySQL mailing lists showing
that many others have the same problem. Then you too will recompile
MySQL without SSL support and revert to stunnel.
Which you should have done in the first place, as others have already
It is not a “custom” solution, it’s a very common and most excellent
tool used for this purpose.
On mysql clients, I bind stunnel to 127.0.0.10?. Increment the last
digit for each MySQL server your client wants to connect to. On the
mysql server, bind MySQL to the loopback IP and stunnel listens on the
network interface and proxies the request to it.
Matt

On Sep 30, 2008, at 7:23 AM, simon jester wrote:
Due to circumstances beyond my control (mgmt), my RT instances will
from their present isolated network into the mainstream with other
devices. As I don’t want any sniffers that might exist on the wire
my traffic to/from the database servers, I’m looking at using the SSL
encryption feature…but I don’t know what incantations need to be
used for the front-end RT instance to successfully communicate.
If this is explained in a FAQ or manual somewhere, please point me
Thanks, in advance…
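
The stunnel layout described in the reply above, as an added example that is not part of the original thread: a shell script that emits the client-side and server-side stunnel configuration. The host names, the network-facing port 3307, the certificate paths and the reading of "127.0.0.10?" as 127.0.0.101 through 127.0.0.109 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Host names, port 3307 and file paths
# are constructed sample values; "127.0.0.10?" is read as 127.0.0.101..109.

# Client side: one stunnel service per MySQL server, each accepting on its
# own loopback address so the application still connects to port 3306.
client_conf() {
    [ "$#" -le 9 ] || { echo "at most 9 servers fit 127.0.0.10?" >&2; return 1; }
    echo "client = yes"
    n=1
    for host in "$@"; do
        cat <<EOF

[mysql${n}]
accept = 127.0.0.10${n}:3306
connect = ${host}:3307
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = ${host}
EOF
        n=$((n + 1))
    done
}

# Server side: stunnel listens on the network interface ($1) and proxies to
# mysqld, which is bound to loopback only (bind-address = 127.0.0.1 in my.cnf).
server_conf() {
    cat <<EOF
[mysql]
accept = ${1}:3307
connect = 127.0.0.1:3306
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
EOF
}

client_conf db1.example.com db2.example.com
server_conf 192.0.2.10
```

Point the application at the numeric loopback address (for example 127.0.0.101) rather than `localhost`, because MySQL clients treat `localhost` as a request for the Unix socket and would bypass the tunnel.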