Do NOT use mysql SSL in a production environment. Yes, I have done it. No, you do not want to.
It can be made to work. It is not stable. You will wake up one day wondering why mysql connections are dying. You will google the error messages and find all sorts of info on MySQL mailing lists showing that many others have the same problem. Then you too will recompile MySQL without SSL support and revert to stunnel. Which you should have done in the first place, as others have already suggested. It is not a "custom" solution, it's a very common and most excellent tool used for this purpose. On mysql clients, I bind stunnel to 127.0.0.10?. Increment the last digit for each MySQL server your client wants to connect to. On the mysql server, bind MySQL to the loopback IP and stunnel listens on the network interface and proxies the request to it. Matt On Sep 30, 2008, at 7:23 AM, simon jester wrote: > Due to circumstances beyond my control (mgmt), my RT instances will > be moved > from their present isolated network into the mainstream with other > corporate > devices. As I don't want any sniffers that *might* exist on the wire > to inspect > my traffic to/from the database servers, I'm looking at using the SSL > encryption feature...but I don't know what incantations need to be > used for the > front-end RT instance to successfully communicate. > > If this is explained in a FAQ or manual somewhere, please point me > to it. > > Thanks, in advance... > > > sklutch > > _______________________________________________ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: [EMAIL PROTECTED] > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
