# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 3600 \
-key ca-key.pem -out ca-cert.pem
# Create server certificate, remove passphrase, and sign it
# server-cert.pem = public key, server-key.pem = private key
shell> openssl req -newkey rsa:2048 -days 3600 \
-nodes -keyout server-key.pem -out server-req.pem
shell> openssl rsa -in server-key.pem -out server-key.pem
shell> openssl x509 -req -in server-req.pem -days 3600 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
# Create client certificate, remove passphrase, and sign it
# client-cert.pem = public key, client-key.pem = private key
shell> openssl req -newkey rsa:2048 -days 3600 \
-nodes -keyout client-key.pem -out client-req.pem
shell> openssl rsa -in client-key.pem -out client-key.pem
shell> openssl x509 -req -in client-req.pem -days 3600 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
Для создания сертификата и использования его в дальнейшем в .NET приложениях (из каталога с сетрификатами):
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -certfile cacert.pem -out client.pfx Для подключения к серверу используя файл сертификата:
using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "CertificateFile=D:\\client.pfx" + "CertificatePassword=pass;" + "SSL Mode=Required ")) { connection.Open(); } Если сертификат в персональном хранилище:
using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "Certificate Store Location=CurrentUser;" + "SSL Mode=Required")) { connection.Open(); }