Support

Support for business applications

Kaspersky Security Center 15 Linux

Getting started

Installation

Scenario: Authenticating MySQL Server

Kaspersky Security Center
Нет результатов
Нет результатов
Online Help
FAQ Download Buy Renew Forum Contact support Recovery tools Product videos

Scenario: Authenticating MySQL Server

May 3, 2024

ID 261227

Get as PDF

We recommend that you use a TLS certificate to authenticate the MySQL server. You can use a certificate from a trusted certification authority (CA) or a self-signed certificate. Use a certificate from a trusted CA because a self-signed certificate provides only limited protection.

Administration Server supports both one-way and two-way SSL authentication for MySQL.

Enable one-way SSL authentication

Follow these steps to configure one-way SSL authentication for MySQL:

  1. Navigate to the ServerFlags directory and create a file that corresponds to the KLSRV_MYSQL_OPT_SSL_CA server flag:

    cd /etc/opt/kaspersky/klnagent_srv/1093/1.0.0.0/ServerFlags/

    mkfile KLSRV_MYSQL_OPT_SSL_CA

  2. In the KLSRV_MYSQL_OPT_SSL_CA file, specify the path to the certificate (the ca-cert.pem file).
  3. Specify the certificates in the my.cnf file. Open the my.cnf file in a text editor and add the following lines into the [mysqld] section:

    [mysqld]

    ssl-ca="C:/mysqlCerts/ca-cert.pem"

    ssl-cert="C:/mysqlCerts/server-cert.pem"

    ssl-key="C:/mysqlCerts/server-key.pem"

Enable two-way SSL authentication

Follow these steps to configure two-way SSL authentication for MySQL:

  1. Navigate to the ServerFlags directory and create files that correspond to the server flags:

    cd /etc/opt/kaspersky/klnagent_srv/1093/1.0.0.0/ServerFlags/

    mkfile KLSRV_MYSQL_OPT_SSL_CA

    mkfile KLSRV_MYSQL_OPT_SSL_CERT

    mkfile KLSRV_MYSQL_OPT_SSL_KEY

  2. Edit the created files as follows:

    KLSRV_MYSQL_OPT_SSL_CA: specify the path to the ca-cert.pem file.

    KLSRV_MYSQL_OPT_SSL_CERT: specify the path to the server-cert.pem file.

    KLSRV_MYSQL_OPT_SSL_KEY: specify the path to the server-key.pem file.

    If the server-key.pem requires a passphrase, create a KLSRV_MARIADB_OPT_TLS_PASPHRASE file in the ServerFlags folder and specify the passphrase in it.

  3. Specify the certificates in the my.cnf file. Open the my.cnf file in a text editor and add the following lines into the [mysqld] section:

    [mysqld]

    ssl-ca="C:/mysqlCerts/ca-cert.pem"

    ssl-cert="C:/mysqlCerts/server-cert.pem"

    ssl-key="C:/mysqlCerts/server-key.pem"

Kaspersky Endpoint Security for Linux: High protection without performance compromising
Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.