From 035081d09e8c8aa211fa8b11de49642d9720bc07 Mon Sep 17 00:00:00 2001
From: ningyali <845128620@qq.com>
Date: Wed, 29 May 2024 02:04:13 +0000
Subject: [PATCH 1/4] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20ningyali?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/zh/blogs/ningyali/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 app/zh/blogs/ningyali/.keep

diff --git a/app/zh/blogs/ningyali/.keep b/app/zh/blogs/ningyali/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee

From 4e166b4898c3db96cab2aeafbcd172558840f4ae Mon Sep 17 00:00:00 2001
From: ningyali <845128620@qq.com>
Date: Wed, 29 May 2024 02:04:52 +0000
Subject: [PATCH 2/4] =?UTF-8?q?openGauss=E4=BD=BF=E7=94=A8gsql=E8=BF=9B?= =?UTF-8?q?=E8=A1=8Cssl=E8=BF=9E=E6=8E=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: ningyali <845128620@qq.com>
---
 ...36\346\216\245\346\265\213\350\257\225.md" | 72 +++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 "app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"

diff --git "a/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md" "b/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"
new file mode 100644
index 00000000..09c7ba35
--- /dev/null
+++ "b/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"
@@ -0,0 +1,72 @@
+---
+title: '使用gsql进行SSL连接测试'
+date: '2024-05-29'
+category: 'blog'
+tags: ['openGauss-ssl连接测试']
+archives: '2024-05'
+author: 'ningyali'
+summary: 'openGauss客户端接入认证'
+times: '09:48'
+---
+
+# openGauss使用gsql进行SSL连接测试
+
+## 1.配置参数,开启SSL认证模式
+
+gs_guc set -N all -I all -c "ssl=on" -c "require_ssl=on"
+
+gs_om -t restart
+
+## 2.配置客户端接入认证参数,IP为所要连接的主机IP
+
+(pg_hba.conf文件)(注意将ip修改为数据库主机ip)
+
+gs_guc reload -N all -I all -h "hostssl all all IP/32 cert"
+
+## 3.配置SSL认证相关的数字证书参数
+
+gs_guc set -N all -I all -c "ssl_cert_file='server.crt'" -c "ssl_key_file='server.key'" -c "ssl_ca_file='cacert.pem'"
+
+gs_om -t restart
+
+## 4.数据库创建用户和密码,并赋予权限
+
+(后续使用该用户和密码进行ssl连接)
+
+create user u_ssl password '******';
+
+grant all privileges to u_ssl;
+
+## 5.生成证书(可用开源文件create_ca.sh或自己生成),并将压缩包db_cert_replacement.zip发送到数据库主机的数据库初始用户(omm)下的人员路径,如/home/omm/
+
+开源文件create_ca.sh:https://gitee.com/opengauss/Yat/blob/master/openGaussBase/testcase/script/create_ca.sh
+
+注意:生成证书使用的用户名和密码应与第4步一致。如使用create_ca.sh生成证书,username为数据库初始用户,如omm;login_user为ssl连接用户,与第4步一致;userpwd为ssl连接用户连接密码,与第4步一致。
+
+chown omm:omm /home/omm/db_cert_replacement.zip
+
+## 6.替换证书
+
+gs_om -t cert --cert-file=/home/omm/db_cert_replacement.zip
+
+gs_om -t restart
+
+## 7.发送压缩包db-cert-replacement.zip到数据库主机数据库用户家目录下,并解压
+
+chown omm:omm /home/omm/db_cert_replacement.zip
+
+## 8.指定客户端证书文件
+
+export PGSSLCERT='/home/omm/client.crt'
+
+export PGSSLKEY='/home/omm/client.key'
+
+export PGSSLMODE='verify-ca'
+
+export PGSSLROOTCERT='/home/omm/cacert.pem'
+
+## 9.gsql连接
+
+gsql -d tpccdb -U u_ssl -W "**********" -h 数据库主机ip
+
+![image-20240529095405779](C:\Users\Administrator\AppData\Roaming\Typora\typora-user-images\image-20240529095405779.png)
\ No newline at end of file
-- 
Gitee

From c691ef27e11d86137463d46d2c795ef043fe37e2 Mon Sep 17 00:00:00 2001
From: ningyali <845128620@qq.com>
Date: Wed, 29 May 2024 02:15:53 +0000
Subject: [PATCH 3/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20app/?= =?UTF-8?q?zh/blogs/ningyali/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/zh/blogs/ningyali/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 app/zh/blogs/ningyali/.keep

diff --git a/app/zh/blogs/ningyali/.keep b/app/zh/blogs/ningyali/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee

From bf2660b4900fba497409e16f4c411b7a513803f7 Mon Sep 17 00:00:00 2001
From: ningyali <845128620@qq.com>
Date: Wed, 29 May 2024 02:16:34 +0000
Subject: [PATCH 4/4] =?UTF-8?q?update=20app/zh/blogs/ningyali/openGauss?= =?UTF-8?q?=E4=BD=BF=E7=94=A8gsql=E8=BF=9B=E8=A1=8CSSL=E8=BF=9E=E6=8E=A5?= =?UTF-8?q?=E6=B5=8B=E8=AF=95.md.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: ningyali <845128620@qq.com>
---
 ...1\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md" | 2 --
 1 file changed, 2 deletions(-)

diff --git "a/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md" "b/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"
index 09c7ba35..bf38ab21 100644
--- "a/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"
+++ "b/app/zh/blogs/ningyali/openGauss\344\275\277\347\224\250gsql\350\277\233\350\241\214SSL\350\277\236\346\216\245\346\265\213\350\257\225.md"
@@ -68,5 +68,3 @@ export PGSSLROOTCERT='/home/omm/cacert.pem'
 ## 9.gsql连接
 
 gsql -d tpccdb -U u_ssl -W "**********" -h 数据库主机ip
-
-![image-20240529095405779](C:\Users\Administrator\AppData\Roaming\Typora\typora-user-images\image-20240529095405779.png)
\ No newline at end of file
-- 
Gitee