My Oracle Support Banner

Updating SSL certificates in MySQL (Doc ID 2734768.1)

Last updated on FEBRUARY 05, 2021

Applies to:

MySQL Server - Version 8.0 and later
Information in this document applies to any platform.


How to configure MySQL Server using certificates provided by an internal trusted CA or external 3rd party CA and ensure specific application connections are encrypted.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1. generate a certificate signing request (csr), eg
 2. Send both files securely to the Certificate Authority (CA)
 3. The CA will respond with a signed ( typically usecase may be a server certificate ) certificate and key, along with the CA's root certificate(s) ( often called the chain of trust )
 4. Perform any conversion required to obtain certificate files in PEM format ( as required by MySQL Server )
 5. edit the my.cnf to reflect the new locations / names of the server's certificate and key along with the certificate authority's root certificate ( ca.pem )
 6. create a login with the parameters "require ssl". This prevents any login by this user unless SSL is enabled
 7. login and check status which will show the cypher in use
 Additional Reading

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.