I'm trying to get my head around the use of SSL with MySQL replication. I've spent all day reading blog posts / articles about this, and I'm still no closer to getting an answer to this question:
Essentially I'm trying to understand the relationship between the ca, client & server files.
In my fictional setup I have:
1 x Master DB - Main Site
5 x Slave DBs - Main Site
Each Slave DB connects to a Slave DB on a remote (all different) Customer Site.
Am I right in thinking therefore that I would:
- generate the
ca-cert.pemandca-key.pemfiles on the Master DB - create a set of
client-xxxandserver-xxxfiles on each Slave DB (and a copy of theca-xxx.pemfiles) - Onto each Customer DB I would copy the
ca-cert.pem,client-cert.pem,client-key.pemfrom the matching Slave DB
If one of the customer DB's was compromised would I need to generate a new ca-cert.pem file on the master, and re-distribute it to all remaining slaves & customer DB's (requiring all my DB's to be restarted).
Or could I just delete the server-cert.pem file from that one slave server?
(obviously I could revoke the username/password - but I'm trying to understand the SSL side at present).