
===================================
STEPS TO GENERATE TEST CERTIFICATES
===================================

1. Create CA cert.
==================

$ openssl genrsa 2048 > ca-key.pem

$ openssl req -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Redwood
Organization Name (eg, company) [Default Company Ltd]:Oracle
Organizational Unit Name (eg, section) []:MySQL
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:alexander.soklakov@oracle.com


2. Create server cert.
======================

$ openssl req -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem -out server-req.pem
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Redwood
Organization Name (eg, company) [Default Company Ltd]:Oracle
Organizational Unit Name (eg, section) []:MySQL
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:alexander.soklakov@oracle.com
A challenge password []:password
An optional company name []:password

$ openssl rsa -in server-key.pem -out server-key.pem
$ openssl x509 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

3. Create truststore
====================

$ keytool -importcert -alias mysqlservercacert -file ca-cert.pem -keystore test-cert-store
Enter keystore password: password
Re-enter new password: password
Trust this certificate? [no]:  yes

==========================
RUN SERVER WITH TEST CERTS
==========================
Add to my.conf:

[mysqld]
ssl-key = "/path/server-key.pem"
ssl-cert = "/path/server-cert.pem"
ssl-ca = "/path/ca-cert.pem"

