springboot连接mysql8

在 Linux 上生成所有证书：

# 生成CA证书
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -key ca-key.pem -out ca.pem -subj "/CN=MySQL-CA"

# 生成服务器证书
openssl req -newkey rsa:2048 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=mysql-server"
openssl x509 -req -in server-req.pem -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

将 CA 证书（ca.pem）复制到 Windows：

将 PEM 转换为 JKS

keytool -importcert -alias mysqlCA -file D:/ca.pem -keystore D:/mysql_truststore.jks -storepass 123456

　springboot配置

url = "jdbc:mysql://192.168.3.100:3306/ry-plus?" +
        "useSSL=true&" +
        "enabledTLSProtocols=TLSv1.2&" +
        "trustCertificateKeyStoreUrl=file:D:/truststore.jks&" +
        "trustCertificateKeyStorePassword=123456&" +
        "verifyServerCertificate=true"

Linux 服务端配置

将证书文件放入 MySQL 目录：

sudo cp ca.pem server-cert.pem server-key.pem /etc/mysql/ssl/
sudo chown mysql:mysql /etc/mysql/ssl/*
sudo chmod 600 /etc/mysql/ssl/server-key.pem  # 私钥严格权限

修改 MySQL 配置（/etc/mysql/my.cnf或/etc/my.cnf）：

[mysqld]
ssl-ca = /etc/mysql/ssl/ca.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key = /etc/mysql/ssl/server-key.pem

重启 MySQL：

sudo systemctl restart mysqld