oracle@yao mysql$ openssl req -newkey rsa:2048 -days 3650 -nodes -keyout yao1-key.pem -out yao1-req.pemGenerating a 2048 bit RSA private key............................................................................................+++......+++writing new private key to 'yao1-key.pem'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:Locality Name (eg, city) [Default City]:Organization Name (eg, company) [Default Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:
Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:

oracle@yao mysql$ ll *.pem-rw-r--r--. 1 oracle oinstall 1704 12月  8 18:57 yao1-key.pem-rw-r--r--. 1 oracle oinstall  952 12月  8 18:57 yao1-req.pem

oracle@yao mysql$ sudo openssl x509 -req -in yao1-req.pem -days 3650 -CA /u01/mysql/ca.pem -CAkey /u01/mysql/ca-key.pem -set_serial 01 -out yao1-cert.pemSignature oksubject=/C=CN/L=Default City/O=Default Company LtdGetting CA Private Key

oracle@yao mysql$ openssl verify -CAfile /u01/mysql/ca.pem /u01/mysql/server-cert.pem yao1-cert.pem /u01/mysql/server-cert.pem: OKyao1-cert.pem: OK

mysql> CREATE USER yao1 REQUIRE SUBJECT '/C=CN/L=Default City/O=Default Company Ltd';ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> select * from component;+--------------+--------------------+-------------------------------------+| component_id | component_group_id | component_urn                       |+--------------+--------------------+-------------------------------------+|            1 |                  1 | file://component_validate_password  ||            2 |                  2 | file://component_log_filter_dragnet |+--------------+--------------------+-------------------------------------+2 rows in set (0.00 sec)
mysql> uninstall component 'file://component_validate_password';Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER yao1 REQUIRE SUBJECT '/C=CN/L=Default City/O=Default Company Ltd';Query OK, 0 rows affected (0.00 sec)

oracle@yao mysql$  mysql -uyao1 --ssl-cert yao1-cert.pem --ssl-key yao1-key.pem -p --ssl_ca=/u01/mysql/ca.pemEnter password:Welcome to the MySQL monitor.  Commands end with ; or \g.Your MySQL connection id is 3685Server version: 8.0.31 MySQL Community Server - GPL
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
You are enforcing ssl connection via unix socket. Please considerswitching ssl off as it does not make connection via unix socketany more secure.mysql> \s--------------mysql  Ver 8.0.31 for Linux on x86_64 (MySQL Community Server - GPL)
Connection id:          3685Current database:Current user:           yao1@localhostSSL:                    Cipher in use is ECDHE-RSA-AES128-GCM-SHA256Current pager:          stdoutUsing outfile:          ''Using delimiter:        ;Server version:         8.0.31 MySQL Community Server - GPLProtocol version:       10Connection:             Localhost via UNIX socketServer characterset:    utf8mb4Db     characterset:    utf8mb4Client characterset:    utf8mb4Conn.  characterset:    utf8mb4UNIX socket:            /u01/mysql/mysql.sockBinary data as:         HexadecimalUptime:                 3 days 5 hours 6 min 47 sec
Threads: 5  Questions: 11001  Slow queries: 0  Opens: 4565  Flush tables: 3  Open tables: 319  Queries per second avg: 0.039--------------
mysql>

oracle@yao mysql$ mysqlsh mysql://yao1@127.0.0.1 --ssl-cert yao1-cert.pem --ssl-key yao1-key.pemPlease provide the password for 'yao1@127.0.0.1':Save password for 'yao1@127.0.0.1'? [Y]es/[N]o/Ne[v]er (default No):MySQL Shell 8.0.31
Copyright (c) 2016, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its affiliates.Other names may be trademarks of their respective owners.
Type '\help' or '\?' for help; '\quit' to exit.Creating a Classic session to 'yao1@127.0.0.1?ssl-cert=yao1-cert.pem&ssl-key=yao1-key.pem'Fetching schema names for auto-completion... Press ^C to stop.Your MySQL connection id is 3686Server version: 8.0.31 MySQL Community Server - GPLNo default schema selected; type \use <schema> to set one. MySQL  127.0.0.1:3306 ssl  JS >