Overview of Database Cluster SSL Configuration for Group Replication
A clustered database environment contains different nodes, constituting one primary node and one or more secondary nodes. There can be only one primary node at any instant. Each node has its own distinct hostname with a MySQL database instance, which is maintained by a separate configuration for that particular node. All the nodes in the cluster collectively represent the database.
There is a Router as well, which is the first point of contact for any client trying to connect to the database.
When enabling SSL connectivity, all of the database nodes and the Router will need to have their own authorization keys and server certificates. These certificates must be authorized by a common Certificate Authority (CA).
-
ca.pem: The certificate of the common CA (Certification Authority) -
server-cert.pem: The certificate that is certified by the CA for identifying the database node -
server-key.pem: The private key of the individual database node -
router-cert.pem: The certificate that is certified by the CA for identifying the router -
router-key.pem: The private key of the router
Configuration for the Router and database nodes is described in the following tables. For the purpose of this explanation, the following example shows one router and three database nodes.
Table 6-1 Router and Database Node Configuration
| Router | - |
|---|---|
|
Hostname |
|
|
Config Filename |
|
|
Port |
|
|
Common Name |
|
|
Certificate Name |
|
|
Key file name |
|
|
Database Node 1 |
- |
|
Hostname |
|
|
Config Filename |
|
|
Port |
|
|
Common Name |
|
|
Certificate Name |
|
|
Key file name |
|
|
Node Rank |
Primary |
|
Database Node2 |
- |
|
Hostname |
|
|
Config Filename |
|
|
Port |
|
|
Common Name |
|
|
Certificate Name |
|
|
Key file name |
|
|
Node Rank |
Secondary |
|
Database Node3 |
- |
|
Hostname |
|
|
Config Filename |
|
|
Port |
|
|
Common Name |
|
|
Certificate Name |
|
|
Key file name |
|
|
Node Rank |
Secondary |