Kaspersky Security Center

Scenario: Authenticating MySQL Server

May 13, 2024

ID 261227

We recommend that you use a TLS certificate to authenticate the MySQL server. You can use a certificate from a trusted certification authority (CA) or a self-signed certificate. Use a certificate from a trusted CA because a self-signed certificate provides only limited protection.

Administration Server supports both one-way and two-way SSL authentication for MySQL.

Enable one-way SSL authentication

Follow these steps to configure one-way SSL authentication for MySQL:

  1. Generate a self-signed SSL or TLS certificate for SQL Server according to the certificate requirements.

    If you already have a certificate for SQL Server, skip this step.

    An SSL certificate is only applicable to SQL Server versions earlier than 2016 (13.x). In SQL Server 2016 (13.x) and later versions, use a TLS certificate.

  2. Create a server flag file.

    Navigate to the ServerFlags directory and create a file that corresponds to the KLSRV_MYSQL_OPT_SSL_CA server flag:

    cd /etc/opt/kaspersky/klnagent_srv/1093/1.0.0.0/ServerFlags/
    touch KLSRV_MYSQL_OPT_SSL_CA

  3. Modify the server flag file.

    In the KLSRV_MYSQL_OPT_SSL_CA file, specify the path to the certificate (the ca-cert.pem file).

  4. Configure the database.

    Specify the certificates in the my.cnf file. Open the my.cnf file in a text editor and add the following lines into the [mysqld] section:

    [mysqld]
    ssl-ca="C:\mysqlCerts\ca-cert.pem"
    ssl-cert="C:\mysqlCerts\server-cert.pem"
    ssl-key="C:\mysqlCerts\server-key.pem"

Enable two-way SSL authentication

Follow these steps to configure two-way SSL authentication for MySQL:

  1. Create server flag files.

    Navigate to the ServerFlags directory and create files that correspond to the server flags:

    cd /etc/opt/kaspersky/klnagent_srv/1093/1.0.0.0/ServerFlags/
    touch KLSRV_MYSQL_OPT_SSL_CA
    touch KLSRV_MYSQL_OPT_SSL_CERT
    touch KLSRV_MYSQL_OPT_SSL_KEY

  2. Modify server flag files.

    Edit the created files as follows:

    KLSRV_MYSQL_OPT_SSL_CA: specify the path to the ca-cert.pem file.

    KLSRV_MYSQL_OPT_SSL_CERT: specify the path to the server-cert.pem file.

    KLSRV_MYSQL_OPT_SSL_KEY: specify the path to the server-key.pem file.

    If the server-key.pem requires a passphrase, create a KLSRV_MARIADB_OPT_TLS_PASPHRASE file in the ServerFlags folder and specify the passphrase in it.

  3. Configure the database.

    Specify the certificates in the my.cnf file. Open the my.cnf file in a text editor and add the following lines into the [mysqld] section:

    [mysqld]
    ssl-ca="C:\mysqlCerts\ca-cert.pem"
    ssl-cert="C:\mysqlCerts\server-cert.pem"
    ssl-key="C:\mysqlCerts\server-key.pem"
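
A consistency check for the two procedures above, written as an added example and not taken from Kaspersky documentation or tooling: it confirms that each flag file names a readable file, that the private key is not world-accessible, and that my.cnf sets all three options under [mysqld]. It assumes each flag file stores the path on its first line; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Kaspersky code): audit ServerFlags files against my.cnf.
# Assumption: each flag file stores the path on its first line.
# Usage: audit_mysql_tls <ServerFlags dir> <path to my.cnf> [one-way|two-way]

# Print the path stored in flag file $2 under directory $1.
flag_path() {
    [ -f "$1/$2" ] || { echo "missing flag file: $2" >&2; return 1; }
    p=$(head -n 1 "$1/$2" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$p" ] || { echo "empty flag file: $2" >&2; return 1; }
    printf '%s\n' "$p"
}

# Succeed if option pattern $2 is assigned inside the [mysqld] section of $1.
cnf_has() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && $0 ~ ("^[ \t]*" key "[ \t]*=") { found = 1 }
        END { exit !found }' "$1"
}

audit_mysql_tls() {
    dir=$1; cnf=$2; mode=${3:-one-way}; rc=0
    flags="KLSRV_MYSQL_OPT_SSL_CA"
    if [ "$mode" = two-way ]; then
        flags="$flags KLSRV_MYSQL_OPT_SSL_CERT KLSRV_MYSQL_OPT_SSL_KEY"
    fi
    for f in $flags; do
        path=$(flag_path "$dir" "$f") || { rc=1; continue; }
        [ -r "$path" ] || { echo "$f: unreadable file $path" >&2; rc=1; continue; }
        if [ "$f" = KLSRV_MYSQL_OPT_SSL_KEY ]; then
            # A private key must not be accessible to "other" users.
            other=$(ls -ldL "$path" | cut -c8-10)
            [ "$other" = "---" ] || { echo "key is world-accessible: $path" >&2; rc=1; }
        fi
    done
    # MySQL accepts both ssl-ca and ssl_ca spellings.
    for k in 'ssl[-_]ca' 'ssl[-_]cert' 'ssl[-_]key'; do
        cnf_has "$cnf" "$k" || { echo "[mysqld] lacks $k in $cnf" >&2; rc=1; }
    done
    return $rc
}
```

The function returns 0 only when every check passes and prints each finding to standard error.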
