If you enable SSL replication, the binary log transfer between master and slave will be sent through an encrypted connection. This is similar to the server/client connection explained in the preceding section.
- On the master, as explained in the preceding section, you need to enable SSL.
- On the master, copy the client* certificates to the slave:
shell> sudo scp -i $HOME/.ssh/id_rsa /var/lib/mysql/client-key.pem /var/lib/mysql/client-cert.pem <user>@<client_ip>:
- On the slave, create the mysql-ssl directory to hold the SSL-related files and set the permissions correctly:
shell> sudo mkdir /etc/mysql-ssl
shell> sudo cp client-key.pem client-cert.pem /etc/mysql-ssl/
shell> sudo chown -R mysql:mysql /etc/mysql-ssl
shell> sudo chmod 600 /etc/mysql-ssl/client-key.pem
shell> sudo chmod 644 /etc/mysql-ssl/client-cert.pem
- On the slave, execute the CHANGE MASTER TO command with the SSL-related changes:
mysql> STOP SLAVE; ...
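
The ownership and permission step above can be verified on the slave before replication is reconfigured. The script below is an added example, not code from the original page; the function names and the owner argument are assumptions of the example, while the directory and file names are the ones used in the steps.

```shell
#!/bin/sh
# Added example: audit the TLS client files copied to the slave.
# File names and expected modes come from the steps above; the function
# names and the OWNER argument are this example's own (hypothetical).

# Print "mode:owner" for a file (GNU stat first, BSD stat as fallback).
file_mode_owner() {
    stat -c '%a:%U' "$1" 2>/dev/null || stat -f '%Lp:%Su' "$1"
}

# audit_mysql_ssl_dir DIR OWNER
# Returns 0 when client-key.pem is 600, client-cert.pem is 644 and both
# belong to OWNER; otherwise prints one line per finding and returns 1.
audit_mysql_ssl_dir() {
    dir=$1
    owner=$2
    rc=0
    for spec in client-key.pem:600 client-cert.pem:644; do
        name=${spec%%:*}
        want=${spec##*:}
        path=$dir/$name
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        got=$(file_mode_owner "$path")
        # A private key readable by group or others defeats the point
        # of the encrypted replication channel.
        if [ "${got%%:*}" != "$want" ]; then
            echo "MODE $path is ${got%%:*}, expected $want"
            rc=1
        fi
        if [ "${got##*:}" != "$owner" ]; then
            echo "OWNER $path is ${got##*:}, expected $owner"
            rc=1
        fi
    done
    return $rc
}

# On the slave: audit_mysql_ssl_dir /etc/mysql-ssl mysql
```
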