I have trouble connecting a client on a Windows machine though MySQL database on a Linux server, using ODBC with SSL. Without SSL, no problem. I need the connection to be encrypted; I am not so much interested in client identification (x509).
I have purchased a SSL-certificate from a certificate-providing company. This file I saved on the Linux machine. I understand how to configure MySQL through my.cnf to use this certificate, using the ssl-ca=<path to certificate> option.
But then there are the server.crt and server.key files as well. I found these on the server, but as their exact function is not clear to me, it is also unclear whether these files will be OK to use.
It gets worse with the client side. As stated, I do not need a certificate at the client side, but I fail to understand the SSL parameters I need to provide in the ODBC driver.
First of all, do I need to copy the SSL-certificate to the client as well ? From the MySQL documentation I understand that it is sufficient to provide to use the --ssl_ca option, but that suggests that the certificate file be put on the client machine, to be used with that option. I find this confusing. When I use a https-connection to a secure website, I do not have to load some certificate file to use that connection; It is sufficient that the server has a certificate. Why should it be different for MySQL ?
I do understand that in order to force the use of SSL, I need to configure the MySQL user account with GRANT ... REQUIRE SSL.
Linux: Red-Hat 3.2.33(1), (bash)
Client OS: WinXP
Any help is appreciated.