[Koha-bugs] [Bug 15427] Allow db connections using TLS
bugzilla-daemon at bugs.koha-community.org
Tue Feb 14 15:45:49 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427
--- Comment #11 from Mirko Tietgen <mirko at abunchofthings.net> ---
FYI, from what I remember from testing, I did the following:
- created certificates. This might be helpful
https://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line
- edited koha-conf.xml like this (add <tls>, <ca>, <cert>, <key>)
> <config>
> <db_scheme>mysql</db_scheme>
> <database>koha_koha</database>
> <hostname>127.0.0.1</hostname>
> <port>3306</port>
> <tls>yes</tls>
> <ca>/home/mirko/newcerts/ca.pem</ca>
> <cert>/home/mirko/newcerts/client-cert.pem</cert>
> <key>/home/mirko/newcerts/client-key.pem</key>
> <user>koha_koha</user>
> …
- logged out of the staff client
- ran the following command to output to a text file
> sudo tcpdump -i lo port 3306 -s 65535 -n -q -A > login.yestls3.txt
- logged into the staff client
- stopped tcpdump after a bit
- logged out
- changed config to <tls>no</tls>
- started tcpdump again, output to another file
> sudo tcpdump -i lo port 3306 -s 65535 -n -q -A > login.notls3.txt
- logged into the staff client
- stopped tcpdump after a bit
and then compared the output files, which were obviously different.
I hope I did not forget anything in between, it was a while ago.
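One way to make the comparison of the two capture files concrete, as an added example that is not part of the original comment: the script counts lines in a `tcpdump -A` text capture that expose SQL statements or the database user name. The function names, match patterns and both sample captures are constructed for illustration; the MySQL server greeting is sent before the TLS handshake, so readable text in that first packet is expected even with `<tls>yes</tls>`.

```shell
#!/bin/sh
# Added example: check `tcpdump -A` text captures of MySQL traffic for cleartext.

# Count lines exposing SQL statements or the DB user name.
# $1 = capture file, $2 = DB user from koha-conf.xml
cleartext_hits() {
    awk -v u="$2" '
        { l = tolower($0) }
        l ~ /select .* from |insert into |update .* set |delete from / || index($0, u) { n++ }
        END { print n + 0 }' "$1"
}

# Print "no-cleartext" or "cleartext:<matching lines>" for one capture.
classify() {
    hits=$(cleartext_hits "$1" "$2")
    if [ "$hits" -eq 0 ]; then echo "no-cleartext"; else echo "cleartext:$hits"; fi
}

# Constructed sample captures (not real traffic), shaped like `tcpdump -n -q -A` output.
make_samples() {
    cat > "$1/login.yestls3.txt" <<'EOF'
15:40:01.000001 IP 127.0.0.1.3306 > 127.0.0.1.51234: tcp 78
E..v..@.@.......J....5.5.x-constructed.....mysql_native_password.
15:40:01.000300 IP 127.0.0.1.51234 > 127.0.0.1.3306: tcp 36
E..X..@.@....... ...............
15:40:01.000900 IP 127.0.0.1.51234 > 127.0.0.1.3306: tcp 212
E.....@.@...........k..g..X....9.q...+./.,.0
15:40:01.002000 IP 127.0.0.1.51234 > 127.0.0.1.3306: tcp 93
E.....@.@.......X.._.3.T..m..z#.Q
EOF
    cat > "$1/login.notls3.txt" <<'EOF'
15:42:10.000001 IP 127.0.0.1.3306 > 127.0.0.1.51300: tcp 78
E..v..@.@.......J....5.5.x-constructed.....mysql_native_password.
15:42:10.000300 IP 127.0.0.1.51300 > 127.0.0.1.3306: tcp 70
E..z..@.@.........koha_koha..x...mysql_native_password.
15:42:10.000900 IP 127.0.0.1.51300 > 127.0.0.1.3306: tcp 60
E..p..@.@.......SELECT * FROM borrowers WHERE userid = 'staff'
15:42:10.002000 IP 127.0.0.1.51300 > 127.0.0.1.3306: tcp 64
E..t..@.@.......SELECT value FROM systempreferences WHERE variable = 'x'
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
for f in login.yestls3.txt login.notls3.txt; do
    echo "$f: $(classify "$dir/$f" koha_koha)"
done
```

A `no-cleartext` result only means none of these patterns appeared in the capture; it does not show that the client verified the server certificate.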