Nov 202014
Warning: You need to recreate your cluster if you’re already running and want to change to SSL.
- Create certificates
openssl req -new -x509 -days 3650 -nodes -keyout galera.key -out galera.crt
- Copy them over and configure into use
# grep wsrep_provider_options /etc/mysql/conf.d/galera.cnf wsrep_provider_options="socket.ssl_cert=/etc/mysql/cert/galera.crt;socket.ssl_key=/etc/mysql/cert/galera.key"
- Shut down the cluster and bootstrap it