- {
- "dd44361debca42ce9901fb73f0070f2a4bad885dadb5cf53065d821f61bfe488": {
- "original": "# SSL\n\nIn many cases, you might want to encrypt traffic between your client and the server. To do that, you can specify that the server should use the [HTTPS protocol](../Server_settings/Searchd.md#listen) rather than HTTP.\n\n<!-- example CA 1 -->\n\nTo enable HTTPS, at least the following two directives should be set in the [searchd](../Server_settings/Searchd.md) section of the config, and there should be at least one [listener](../Server_settings/Searchd.md#listen) set to `https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) certificate file\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) key file\n\nIn addition to that, you can specify the certificate authority's certificate (aka root certificate) in:\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) certificate authority's certificate file\n\n\n<!-- intro -->\n##### with CA:\n\n<!-- request with CA -->\nExample with CA:\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\nExample without CA:\n\nCODE_BLOCK_1\n<!-- end -->\n\n## Generating SSL files\n\nThese steps will help you generate the SSL certificates using the 'openssl' tool.\n\nThe server can use a Certificate Authority to verify the signature of certificates, but it can also work with just a private key and certificate (without the CA certificate).\n\n#### Generate the CA key\n\nCODE_BLOCK_2\n\n#### Generate the CA certificate from the CA key\n\nTo generate a self-signed CA (root) certificate from the private key (make sure to fill in at least the \"Common Name\"), use the following command:\n\nCODE_BLOCK_3\n\n#### Server Certificate\n\nThe server uses the server certificate to secure communication with the client. 
To generate the certificate request and server private key (ensure that you fill in at least the \"Common Name\" and that it is different from the root certificate's common name), execute the following commands:\n\nCODE_BLOCK_4\n\nOnce completed, you can verify that the key and certificate files were generated correctly by running:\n\nCODE_BLOCK_5\n\n## Secured connection behaviour\n\nWhen your SSL configuration is valid, the following features are available:\n\n * You can connect to the multi-protocol port (when no [listener type](../Server_settings/Searchd.md#listen) is specified) over HTTPS and run queries. Both the request and response will be SSL encrypted.\n * You can connect to the dedicated https port with HTTP and run queries. The connection will be secured (attempting to connect to this port via plain HTTP will be rejected with a 400 error code).\n * You can connect to the MySQL port with a MySQL client using a secured connection. The session will be secured. Note that the Linux `mysql` client tries to use SSL by default, so a typical connection to Manticore with a valid SSL configuration will most likely be secured. You can check this by running the SQL 'status' command after connecting.\n\nIf your SSL configuration is not valid for any reason (which the daemon detects by the fact that a secured connection cannot be established), apart from an invalid configuration there may be other reasons, such as the inability to load the appropriate SSL library at all. In this case, the following things will not work or will work in a non-secured manner:\n\n* You cannot connect to the multi-protocol port with HTTPS. The connection will be dropped.\n* You cannot connect to the dedicated `https` port. The HTTPS connections will be dropped\n* Connection to the `mysql` port via a MySQL client will not support SSL securing. If the client requires SSL, the connection will fail. 
If SSL is not required, it will use plain MySQL or compressed connections.\n\n### Caution:\n\n* Binary API connections (such as connections from old clients or inter-daemons master-agent communication) are not secured.\n* SSL for replication needs to be set up separately. However, since the SST stage of the replication is done through the binary API connection, it is not secured either.\n* You can still use any external proxies (e.g., SSH tunneling) to secure your connections.\n<!-- proofread -->\n\n",
- "translations": {
- "chinese": "# SSL\n\n\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u80fd\u5e0c\u671b\u52a0\u5bc6\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u6d41\u91cf\u3002\u4e3a\u6b64\uff0c\u60a8\u53ef\u4ee5\u6307\u5b9a\u670d\u52a1\u5668\u4f7f\u7528[HTTPS\u534f\u8bae](../Server_settings/Searchd.md#listen)\u800c\u4e0d\u662fHTTP\u3002\n\n<!-- example CA 1 -->\n\n\u8981\u542f\u7528HTTPS\uff0c\u81f3\u5c11\u5e94\u5728\u914d\u7f6e\u6587\u4ef6\u7684[searchd](../Server_settings/Searchd.md)\u90e8\u5206\u8bbe\u7f6e\u4ee5\u4e0b\u4e24\u4e2a\u6307\u4ee4\uff0c\u5e76\u4e14\u5e94\u81f3\u5c11\u6709\u4e00\u4e2a[\u76d1\u542c\u5668](../Server_settings/Searchd.md#listen)\u8bbe\u7f6e\u4e3a`https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) \u8bc1\u4e66\u6587\u4ef6\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) \u5bc6\u94a5\u6587\u4ef6\n\n\u9664\u6b64\u4e4b\u5916\uff0c\u60a8\u8fd8\u53ef\u4ee5\u6307\u5b9a\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u8bc1\u4e66\uff08\u5373\u6839\u8bc1\u4e66\uff09\uff1a\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) \u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u8bc1\u4e66\u6587\u4ef6\n\n\n<!-- intro -->\n##### \u4f7f\u7528CA\uff1a\n\n<!-- request with CA -->\n\u5e26CA\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\n\u65e0CA\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_1\n<!-- end -->\n\n## \u751f\u6210SSL\u6587\u4ef6\n\n\u4ee5\u4e0b\u6b65\u9aa4\u5c06\u5e2e\u52a9\u60a8\u4f7f\u7528 'openssl' \u5de5\u5177\u751f\u6210SSL\u8bc1\u4e66\u3002\n\n\u670d\u52a1\u5668\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u6765\u9a8c\u8bc1\u8bc1\u4e66\u7684\u7b7e\u540d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u4ec5\u4f7f\u7528\u79c1\u94a5\u548c\u8bc1\u4e66\uff08\u4e0d\u542bCA\u8bc1\u4e66\uff09\u5de5\u4f5c\u3002\n\n#### \u751f\u6210CA\u5bc6\u94a5\n\nCODE_BLOCK_2\n\n#### 
\u4eceCA\u5bc6\u94a5\u751f\u6210CA\u8bc1\u4e66\n\n\u8981\u4ece\u79c1\u94a5\u751f\u6210\u81ea\u7b7e\u540dCA\uff08\u6839\uff09\u8bc1\u4e66\uff08\u786e\u4fdd\u81f3\u5c11\u586b\u5199\u201c\u516c\u7528\u540d\u201d\uff09\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a\n\nCODE_BLOCK_3\n\n#### \u670d\u52a1\u5668\u8bc1\u4e66\n\n\u670d\u52a1\u5668\u4f7f\u7528\u670d\u52a1\u5668\u8bc1\u4e66\u6765\u4fdd\u969c\u4e0e\u5ba2\u6237\u7aef\u7684\u901a\u4fe1\u3002\u8981\u751f\u6210\u8bc1\u4e66\u8bf7\u6c42\u548c\u670d\u52a1\u5668\u79c1\u94a5\uff08\u786e\u4fdd\u81f3\u5c11\u586b\u5199\u201c\u516c\u7528\u540d\u201d\uff0c\u4e14\u4e0e\u6839\u8bc1\u4e66\u7684\u516c\u7528\u540d\u4e0d\u540c\uff09\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a\n\nCODE_BLOCK_4\n\n\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u5bc6\u94a5\u548c\u8bc1\u4e66\u6587\u4ef6\u662f\u5426\u6b63\u786e\u751f\u6210\uff1a\n\nCODE_BLOCK_5\n\n## \u5b89\u5168\u8fde\u63a5\u7684\u884c\u4e3a\n\n\u5f53\u60a8\u7684SSL\u914d\u7f6e\u6709\u6548\u65f6\uff0c\u4ee5\u4e0b\u529f\u80fd\u53ef\u7528\uff1a\n\n * \u60a8\u53ef\u4ee5\u901a\u8fc7\u591a\u534f\u8bae\u7aef\u53e3\uff08\u672a\u6307\u5b9a[\u76d1\u542c\u7c7b\u578b](../Server_settings/Searchd.md#listen)\u65f6\uff09\u4f7f\u7528HTTPS\u8fde\u63a5\u5e76\u6267\u884c\u67e5\u8be2\u3002\u8bf7\u6c42\u548c\u54cd\u5e94\u90fd\u4f1a\u88abSSL\u52a0\u5bc6\u3002\n * \u60a8\u53ef\u4ee5\u901a\u8fc7\u4e13\u7528HTTPS\u7aef\u53e3\u7528HTTP\u8fdb\u884c\u8fde\u63a5\u5e76\u6267\u884c\u67e5\u8be2\u3002\u8fde\u63a5\u5c06\u88ab\u4fdd\u62a4\uff08\u5c1d\u8bd5\u901a\u8fc7\u666e\u901aHTTP\u8fde\u63a5\u6b64\u7aef\u53e3\u5c06\u88ab\u62d2\u7edd\u5e76\u8fd4\u56de400\u9519\u8bef\u4ee3\u7801\uff09\u3002\n * 
\u60a8\u53ef\u4ee5\u4f7f\u7528MySQL\u5ba2\u6237\u7aef\u901a\u8fc7MySQL\u7aef\u53e3\u8fdb\u884c\u5b89\u5168\u8fde\u63a5\u3002\u4f1a\u8bdd\u5c06\u4f1a\u88ab\u4fdd\u62a4\u3002\u8bf7\u6ce8\u610f\uff0cLinux\u7684`mysql`\u5ba2\u6237\u7aef\u9ed8\u8ba4\u5c1d\u8bd5\u4f7f\u7528SSL\uff0c\u56e0\u6b64\u901a\u5e38\u8fde\u63a5\u5230\u5177\u6709\u6709\u6548SSL\u914d\u7f6e\u7684Manticore\u5f88\u53ef\u80fd\u662f\u5b89\u5168\u7684\u3002\u60a8\u53ef\u4ee5\u901a\u8fc7\u8fde\u63a5\u540e\u6267\u884cSQL\u7684'status'\u547d\u4ee4\u8fdb\u884c\u68c0\u67e5\u3002\n\n\u5982\u679c\u7531\u4e8e\u4efb\u4f55\u539f\u56e0SSL\u914d\u7f6e\u65e0\u6548\uff08\u5b88\u62a4\u8fdb\u7a0b\u901a\u8fc7\u65e0\u6cd5\u5efa\u7acb\u5b89\u5168\u8fde\u63a5\u6765\u68c0\u6d4b\u6b64\u7c7b\u60c5\u51b5\uff09\uff0c\u9664\u4e86\u914d\u7f6e\u65e0\u6548\u5916\uff0c\u8fd8\u53ef\u80fd\u6709\u5176\u4ed6\u539f\u56e0\uff0c\u4f8b\u5982\u5b8c\u5168\u65e0\u6cd5\u52a0\u8f7d\u76f8\u5e94\u7684SSL\u5e93\u3002\u5728\u6b64\u60c5\u51b5\u4e0b\uff0c\u4ee5\u4e0b\u529f\u80fd\u5c06\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\u6216\u4ee5\u975e\u5b89\u5168\u65b9\u5f0f\u5de5\u4f5c\uff1a\n\n* \u60a8\u65e0\u6cd5\u901a\u8fc7HTTPS\u8fde\u63a5\u5230\u591a\u534f\u8bae\u7aef\u53e3\u3002\u8fde\u63a5\u5c06\u88ab\u4e2d\u65ad\u3002\n* \u60a8\u65e0\u6cd5\u8fde\u63a5\u5230\u4e13\u7528\u7684`https`\u7aef\u53e3\u3002HTTPS\u8fde\u63a5\u5c06\u88ab\u4e2d\u65ad\u3002\n* \u901a\u8fc7MySQL\u5ba2\u6237\u7aef\u8fde\u63a5`mysql`\u7aef\u53e3\u65f6\u4e0d\u652f\u6301SSL\u52a0\u5bc6\u3002\u5982\u679c\u5ba2\u6237\u7aef\u9700\u8981SSL\uff0c\u5219\u8fde\u63a5\u4f1a\u5931\u8d25\u3002\u5982\u679c\u4e0d\u9700\u8981SSL\uff0c\u5219\u4f7f\u7528\u666e\u901aMySQL\u6216\u538b\u7f29\u8fde\u63a5\u3002\n\n### \u6ce8\u610f\uff1a\n\n* \u4e8c\u8fdb\u5236API\u8fde\u63a5\uff08\u4f8b\u5982\u65e7\u5ba2\u6237\u7aef\u8fde\u63a5\u6216\u5b88\u62a4\u8fdb\u7a0b\u95f4\u4e3b-\u4ee3\u7406\u901a\u4fe1\uff09\u4e0d\u53d7\u4fdd\u62a4\u3002\n* 
\u590d\u5236\u7684SSL\u9700\u8981\u5355\u72ec\u8bbe\u7f6e\u3002\u7136\u800c\uff0c\u7531\u4e8e\u590d\u5236\u7684SST\u9636\u6bb5\u662f\u901a\u8fc7\u4e8c\u8fdb\u5236API\u8fde\u63a5\u5b8c\u6210\u7684\uff0c\u56e0\u6b64\u8fd9\u90e8\u5206\u4e5f\u4e0d\u53d7\u4fdd\u62a4\u3002\n* \u60a8\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5916\u90e8\u4ee3\u7406\uff08\u4f8b\u5982SSH\u96a7\u9053\uff09\u6765\u4fdd\u62a4\u60a8\u7684\u8fde\u63a5\u3002\n<!-- proofread -->\n\n",
- "russian": "# SSL\n\n\u0412\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0437\u0430\u0445\u043e\u0442\u0435\u0442\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a \u043c\u0435\u0436\u0434\u0443 \u0432\u0430\u0448\u0438\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043e\u043b\u0436\u0435\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c [\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b HTTPS](../Server_settings/Searchd.md#listen) \u0432\u043c\u0435\u0441\u0442\u043e HTTP.\n\n<!-- example CA 1 -->\n\n\u0427\u0442\u043e\u0431\u044b \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c HTTPS, \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0434\u0432\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u044b \u0432 \u0441\u0435\u043a\u0446\u0438\u0438 [searchd](../Server_settings/Searchd.md) \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430, \u0438 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0445\u043e\u0442\u044f \u0431\u044b \u043e\u0434\u0438\u043d [listener](../Server_settings/Searchd.md#listen), \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 `https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) \u0444\u0430\u0439\u043b 
\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) \u0444\u0430\u0439\u043b \u043a\u043b\u044e\u0447\u0430\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0446\u0435\u043d\u0442\u0440\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442) \u0432:\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) \u0444\u0430\u0439\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0446\u0435\u043d\u0442\u0440\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\n\n\n<!-- intro -->\n##### \u0441 CA:\n\n<!-- request with CA -->\n\u041f\u0440\u0438\u043c\u0435\u0440 \u0441 CA:\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\n\u041f\u0440\u0438\u043c\u0435\u0440 \u0431\u0435\u0437 CA:\n\nCODE_BLOCK_1\n<!-- end -->\n\n## \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f SSL \u0444\u0430\u0439\u043b\u043e\u0432\n\n\u042d\u0442\u0438 \u0448\u0430\u0433\u0438 \u043f\u043e\u043c\u043e\u0433\u0443\u0442 \u0432\u0430\u043c \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c SSL-\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 'openssl'.\n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0446\u0435\u043d\u0442\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f 
\u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043e\u043d \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0441 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c (\u0431\u0435\u0437 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 CA).\n\n#### \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u043a\u043b\u044e\u0447\u0430 CA\n\nCODE_BLOCK_2\n\n#### \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 CA \u0438\u0437 \u043a\u043b\u044e\u0447\u0430 CA\n\n\u0427\u0442\u043e\u0431\u044b \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0430\u043c\u043e\u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 CA (\u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442) \u0438\u0437 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 (\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0437\u0430\u043f\u043e\u043b\u043d\u0438\u0442\u0435 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \"Common Name\"), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\n\nCODE_BLOCK_3\n\n#### \u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 
\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u044f\u0437\u0438 \u0441 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c. \u0427\u0442\u043e\u0431\u044b \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e \u0432\u044b \u0437\u0430\u043f\u043e\u043b\u043d\u0438\u043b\u0438 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \"Common Name\" \u0438 \u043e\u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0442 Common Name \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430), \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b:\n\nCODE_BLOCK_4\n\n\u041f\u043e \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0438 \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043a\u043b\u044e\u0447\u0430 \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0432:\n\nCODE_BLOCK_5\n\n## \u041f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f\n\n\u041a\u043e\u0433\u0434\u0430 \u0432\u0430\u0448\u0430 
SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u0430\u043b\u0438\u0434\u043d\u0430, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438:\n\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043a \u043c\u0443\u043b\u044c\u0442\u0438\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 (\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0443\u043a\u0430\u0437\u0430\u043d [\u0442\u0438\u043f listener](../Server_settings/Searchd.md#listen)) \u0447\u0435\u0440\u0435\u0437 HTTPS \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b. \u0418 \u0437\u0430\u043f\u0440\u043e\u0441, \u0438 \u043e\u0442\u0432\u0435\u0442 \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u044b SSL.\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043a \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c\u0443 HTTPS-\u043f\u043e\u0440\u0442\u0443 \u0441 HTTP \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b. 
\u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c (\u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043f\u043e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 HTTP \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d\u0430 \u0441 \u043a\u043e\u0434\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0438 400).\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043a MySQL-\u043f\u043e\u0440\u0442\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 MySQL \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435. \u0421\u0435\u0441\u0441\u0438\u044f \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u0430. \u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e Linux-\u043a\u043b\u0438\u0435\u043d\u0442 `mysql` \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SSL, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0442\u0438\u043f\u0438\u0447\u043d\u043e\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a Manticore \u0441 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0439 SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043e. 
\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u044d\u0442\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 SQL-\u043a\u043e\u043c\u0430\u043d\u0434\u0443 'status' \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f.\n\n\u0415\u0441\u043b\u0438 \u0432\u0430\u0448\u0430 SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0435 \u043d\u0435\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u0430 (\u0447\u0442\u043e \u0434\u0435\u043c\u043e\u043d \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 \u0442\u0435\u043c, \u0447\u0442\u043e \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f), \u043f\u043e\u043c\u0438\u043c\u043e \u043d\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u0438\u0447\u0438\u043d\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e SSL-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0432\u043e\u043e\u0431\u0449\u0435. 
\u0412 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0438\u043b\u0438 \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0431\u0435\u0437 \u0437\u0430\u0449\u0438\u0442\u044b:\n\n* \u0412\u044b \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043c\u0443\u043b\u044c\u0442\u0438\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u0447\u0435\u0440\u0435\u0437 HTTPS. \u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0437\u043e\u0440\u0432\u0430\u043d\u043e.\n* \u0412\u044b \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c\u0443 `https` \u043f\u043e\u0440\u0442\u0443. HTTPS-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0437\u043e\u0440\u0432\u0430\u043d\u044b.\n* \u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u043f\u043e\u0440\u0442\u0443 `mysql` \u0447\u0435\u0440\u0435\u0437 MySQL \u043a\u043b\u0438\u0435\u043d\u0442 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c SSL-\u0437\u0430\u0449\u0438\u0442\u0443. \u0415\u0441\u043b\u0438 \u043a\u043b\u0438\u0435\u043d\u0442 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 SSL, \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f. 
\u0415\u0441\u043b\u0438 SSL \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043e \u043e\u0431\u044b\u0447\u043d\u043e\u0435 MySQL \u0438\u043b\u0438 \u0441\u0436\u0430\u0442\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435.\n\n### \u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435:\n\n* \u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0431\u0438\u043d\u0430\u0440\u043d\u043e\u043c\u0443 API (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043e\u0442 \u0441\u0442\u0430\u0440\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u043b\u0438 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u044f \u043c\u0435\u0436\u0434\u0443 \u0434\u0435\u043c\u043e\u043d\u0430\u043c\u0438 master-agent) \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u044b.\n* SSL \u0434\u043b\u044f \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0443\u0436\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e. 
\u041e\u0434\u043d\u0430\u043a\u043e, \u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u0430\u043f SST \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0431\u0438\u043d\u0430\u0440\u043d\u043e\u0435 API-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435, \u043e\u043d\u043e \u0442\u043e\u0436\u0435 \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043e.\n* \u0412\u044b \u0432\u0441\u0451 \u0435\u0449\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043f\u0440\u043e\u043a\u0441\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, SSH \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435) \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0432\u0430\u0448\u0438\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439.\n<!-- proofread -->\n\n"
- },
- "is_code_or_comment": false,
- "model": "openai:gpt-4.1-mini",
- "updated_at": 1766339789
- },
- "75e10d88698054a713f5bf9997e1bd7614283b15ab68ba9653cdaade7fe0c889": {
- "original": "# SSL\n\nIn many cases, you might want to encrypt traffic between your client and the server. To do that, you can specify that the server should use the [HTTPS protocol](../Server_settings/Searchd.md#listen) rather than HTTP.\n\n<!-- example CA 1 -->\n\nTo enable HTTPS, at least the following two directives should be set in the [searchd](../Server_settings/Searchd.md) section of the config, and there should be at least one [listener](../Server_settings/Searchd.md#listen) set to `https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) certificate file\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) key file\n\nIn addition to that, you can specify the certificate authority's certificate (aka root certificate) in:\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) certificate authority's certificate file\n\n<!-- intro -->\n##### with CA:\n\n<!-- request with CA -->\nExample with CA:\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\nExample without CA:\n\nCODE_BLOCK_1\n<!-- end -->\n\n## Generating SSL files\n\nThese steps will help you generate the SSL certificates using the 'openssl' tool.\n\nThe server can use a Certificate Authority to verify the signature of certificates, but it can also work with just a private key and certificate (without the CA certificate).\n\n#### Generate the CA key\n\nCODE_BLOCK_2\n\n#### Generate the CA certificate from the CA key\n\nTo generate a self-signed CA (root) certificate from the private key (make sure to fill in at least the \"Common Name\"), use the following command:\n\nCODE_BLOCK_3\n\n#### Server Certificate\n\nThe server uses the server certificate to secure communication with the client. 
To generate the certificate request and server private key (ensure that you fill in at least the \"Common Name\" and that it is different from the root certificate's common name), execute the following commands:\n\nCODE_BLOCK_4\n\nOnce completed, you can verify that the key and certificate files were generated correctly by running:\n\nCODE_BLOCK_5\n\n## Secured connection behaviour\n\nWhen your SSL configuration is valid, the following features are available:\n\n * You can connect to the multi-protocol port (when no [listener type](../Server_settings/Searchd.md#listen) is specified) over HTTPS and run queries. Both the request and response will be SSL encrypted.\n * You can connect to the dedicated https port with HTTP and run queries. The connection will be secured (attempting to connect to this port via plain HTTP will be rejected with a 400 error code).\n * You can connect to the MySQL port with a MySQL client using a secured connection. The session will be secured. Note that the Linux `mysql` client tries to use SSL by default, so a typical connection to Manticore with a valid SSL configuration will most likely be secured. You can check this by running the SQL 'status' command after connecting.\n\nIf your SSL configuration is not valid for any reason (which the daemon detects by the fact that a secured connection cannot be established), apart from an invalid configuration there may be other reasons, such as the inability to load the appropriate SSL library at all. In this case, the following things will not work or will work in a non-secured manner:\n\n* You cannot connect to the multi-protocol port with HTTPS. The connection will be dropped.\n* You cannot connect to the dedicated `https` port. The HTTPS connections will be dropped\n* Connection to the `mysql` port via a MySQL client will not support SSL securing. If the client requires SSL, the connection will fail. 
If SSL is not required, it will use plain MySQL or compressed connections.\n\n### Caution:\n\n* Binary API connections (such as connections from old clients or inter-daemons master-agent communication) are not secured.\n* SSL for replication needs to be set up separately. However, since the SST stage of the replication is done through the binary API connection, it is not secured either.\n* You can still use any external proxies (e.g., SSH tunneling) to secure your connections.\n<!-- proofread -->\n\n",
- "translations": {
- "chinese": "# SSL\n\n\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u4f60\u53ef\u80fd\u5e0c\u671b\u52a0\u5bc6\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u6d41\u91cf\u3002\u4e3a\u6b64\uff0c\u53ef\u4ee5\u6307\u5b9a\u670d\u52a1\u5668\u5e94\u4f7f\u7528[HTTPS\u534f\u8bae](../Server_settings/Searchd.md#listen)\u800c\u4e0d\u662fHTTP\u3002\n\n<!-- example CA 1 -->\n\n\u8981\u542f\u7528HTTPS\uff0c\u81f3\u5c11\u5e94\u5728\u914d\u7f6e\u7684[searchd](../Server_settings/Searchd.md)\u90e8\u5206\u8bbe\u7f6e\u4ee5\u4e0b\u4e24\u4e2a\u6307\u4ee4\uff0c\u5e76\u4e14\u81f3\u5c11\u5e94\u6709\u4e00\u4e2a\u76d1\u542c\u5668\u8bbe\u7f6e\u4e3a`https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) \u8bc1\u4e66\u6587\u4ef6\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) \u5bc6\u94a5\u6587\u4ef6\n\n\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u5728\u4ee5\u4e0b\u4f4d\u7f6e\u6307\u5b9a\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u8bc1\u4e66\uff08\u5373\u6839\u8bc1\u4e66\uff09\uff1a\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) \u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7684\u8bc1\u4e66\u6587\u4ef6\n\n<!-- intro -->\n##### \u4f7f\u7528CA\uff1a\n\n<!-- request with CA -->\n\u5e26\u6709CA\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\n\u6ca1\u6709CA\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_1\n<!-- \u7ed3\u675f -->\n\n## \u751f\u6210SSL\u6587\u4ef6\n\n\u8fd9\u4e9b\u6b65\u9aa4\u5c06\u5e2e\u52a9\u60a8\u4f7f\u7528`openssl`\u5de5\u5177\u751f\u6210SSL\u8bc1\u4e66\u3002\n\n\u670d\u52a1\u5668\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u6765\u9a8c\u8bc1\u8bc1\u4e66\u7b7e\u540d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u4ec5\u4f7f\u7528\u79c1\u94a5\u548c\u8bc1\u4e66\uff08\u65e0\u9700CA\u8bc1\u4e66\uff09\u8fdb\u884c\u5de5\u4f5c\u3002\n\n#### \u751f\u6210CA\u5bc6\u94a5\n\nCODE_BLOCK_2\n\n#### 
\u4eceCA\u5bc6\u94a5\u751f\u6210CA\u8bc1\u4e66\n\n\u8981\u4ece\u79c1\u94a5\u751f\u6210\u81ea\u7b7e\u540dCA\uff08\u6839\uff09\u8bc1\u4e66\uff08\u8bf7\u786e\u4fdd\u586b\u5199\u81f3\u5c11\u201c\u901a\u7528\u540d\u79f0\u201d\uff09\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a\n\nCODE_BLOCK_3\n\n#### \u670d\u52a1\u5668\u8bc1\u4e66\n\n\u670d\u52a1\u5668\u4f7f\u7528\u670d\u52a1\u5668\u8bc1\u4e66\u6765\u4fdd\u62a4\u4e0e\u5ba2\u6237\u7aef\u7684\u901a\u4fe1\u3002\u8981\u751f\u6210\u8bc1\u4e66\u8bf7\u6c42\u548c\u670d\u52a1\u5668\u79c1\u94a5\uff08\u8bf7\u786e\u4fdd\u586b\u5199\u81f3\u5c11\u201c\u901a\u7528\u540d\u79f0\u201d\uff0c\u5e76\u4e14\u5b83\u4e0d\u540c\u4e8e\u6839\u8bc1\u4e66\u7684\u901a\u7528\u540d\u79f0\uff09\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a\n\nCODE_BLOCK_4\n\n\u5b8c\u6210\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u9a8c\u8bc1\u5bc6\u94a5\u548c\u8bc1\u4e66\u6587\u4ef6\u662f\u5426\u6b63\u786e\u751f\u6210\uff1a\n\nCODE_BLOCK_5\n\n## \u5b89\u5168\u8fde\u63a5\u884c\u4e3a\n\n\u5f53\u60a8\u7684SSL\u914d\u7f6e\u6709\u6548\u65f6\uff0c\u4ee5\u4e0b\u529f\u80fd\u53ef\u7528\uff1a\n\n* \u53ef\u4ee5\u901a\u8fc7HTTPS\u8fde\u63a5\u5230\u591a\u534f\u8bae\u7aef\u53e3\uff08\u5f53\u672a\u6307\u5b9a[\u76d1\u542c\u7c7b\u578b](../Server_settings/Searchd.md#listen)\u65f6\uff09\uff0c\u5e76\u8fd0\u884c\u67e5\u8be2\u3002\u8bf7\u6c42\u548c\u54cd\u5e94\u90fd\u5c06\u88abSSL\u52a0\u5bc6\u3002\n* \u53ef\u4ee5\u901a\u8fc7HTTP\u8fde\u63a5\u5230\u4e13\u7528\u7684`https`\u7aef\u53e3\u5e76\u8fd0\u884c\u67e5\u8be2\u3002\u8fde\u63a5\u5c06\u88ab\u5b89\u5168\u5730\u4fdd\u62a4\uff08\u5c1d\u8bd5\u901a\u8fc7\u7eafHTTP\u8fde\u63a5\u5230\u6b64\u7aef\u53e3\u5c06\u6536\u5230400\u9519\u8bef\u4ee3\u7801\uff09\u3002\n* \u53ef\u4ee5\u4f7f\u7528\u5b89\u5168\u8fde\u63a5\u901a\u8fc7MySQL\u5ba2\u6237\u7aef\u8fde\u63a5\u5230MySQL\u7aef\u53e3\u3002\u4f1a\u8bdd\u5c06\u88ab\u5b89\u5168\u5730\u4fdd\u62a4\u3002\u8bf7\u6ce8\u610f\uff0cLinux 
`mysql`\u5ba2\u6237\u7aef\u9ed8\u8ba4\u5c1d\u8bd5\u4f7f\u7528SSL\uff0c\u56e0\u6b64\u5177\u6709\u6709\u6548SSL\u914d\u7f6e\u7684Manticore\u8fde\u63a5\u901a\u5e38\u5c06\u662f\u5b89\u5168\u7684\u3002\u53ef\u4ee5\u901a\u8fc7\u5728\u8fde\u63a5\u540e\u8fd0\u884cSQL 'status'\u547d\u4ee4\u6765\u68c0\u67e5\u8fd9\u4e00\u70b9\u3002\n\n\u5982\u679c\u7531\u4e8e\u4efb\u4f55\u539f\u56e0\uff08\u5b88\u62a4\u8fdb\u7a0b\u901a\u8fc7\u65e0\u6cd5\u5efa\u7acb\u5b89\u5168\u8fde\u63a5\u7684\u4e8b\u5b9e\u68c0\u6d4b\u5230\u65e0\u6548\u914d\u7f6e\uff09SSL\u914d\u7f6e\u65e0\u6548\uff0c\u5219\u9664\u4e86\u65e0\u6548\u914d\u7f6e\u4e4b\u5916\uff0c\u8fd8\u53ef\u80fd\u5b58\u5728\u5176\u4ed6\u539f\u56e0\uff0c\u4f8b\u5982\u6839\u672c\u65e0\u6cd5\u52a0\u8f7d\u9002\u5f53\u7684SSL\u5e93\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4ee5\u4e0b\u5185\u5bb9\u5c06\u4e0d\u8d77\u4f5c\u7528\u6216\u5c06\u4ee5\u975e\u5b89\u5168\u65b9\u5f0f\u5de5\u4f5c\uff1a\n\n* \u4e0d\u80fd\u901a\u8fc7HTTPS\u8fde\u63a5\u5230\u591a\u534f\u8bae\u7aef\u53e3\u3002\u8fde\u63a5\u5c06\u88ab\u65ad\u5f00\u3002\n* \u4e0d\u80fd\u8fde\u63a5\u5230\u4e13\u7528\u7684`https`\u7aef\u53e3\u3002HTTPS\u8fde\u63a5\u5c06\u88ab\u65ad\u5f00\n* \u901a\u8fc7MySQL\u5ba2\u6237\u7aef\u8fde\u63a5\u5230`mysql`\u7aef\u53e3\u5c06\u4e0d\u652f\u6301SSL\u52a0\u5bc6\u3002\u5982\u679c\u5ba2\u6237\u7aef\u9700\u8981SSL\uff0c\u8fde\u63a5\u5c06\u5931\u8d25\u3002\u5982\u679c\u4e0d\u9700\u8981SSL\uff0c\u5b83\u5c06\u4f7f\u7528\u7eafMySQL\u6216\u538b\u7f29\u8fde\u63a5\u3002\n\n### \u8b66\u544a\uff1a\n\n* \u4e8c\u8fdb\u5236API\u8fde\u63a5\uff08\u5982\u6765\u81ea\u65e7\u5ba2\u6237\u7aef\u6216\u5b88\u62a4\u8fdb\u7a0b\u95f4\u4e3b\u4ee3\u7406\u901a\u4fe1\u7684\u8fde\u63a5\uff09\u4e0d\u53d7\u4fdd\u62a4\u3002\n* \u590d\u5236\u7684SSL\u9700\u8981\u5355\u72ec\u8bbe\u7f6e\u3002\u4f46\u662f\uff0c\u7531\u4e8e\u590d\u5236\u7684SST\u9636\u6bb5\u662f\u901a\u8fc7\u4e8c\u8fdb\u5236API\u8fde\u63a5\u5b8c\u6210\u7684\uff0c\u56e0\u6b64\u4e5f\u4e0d\u53d7\u4fdd\u62a4\u3002\n* 
\u60a8\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5916\u90e8\u4ee3\u7406\uff08\u4f8b\u5982SSH\u96a7\u9053\uff09\u6765\u4fdd\u62a4\u60a8\u7684\u8fde\u63a5\u3002\n<!-- \u6821\u5bf9 -->",
- "russian": "# SSL\n\n\u0412\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a \u043c\u0435\u0436\u0434\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u0434\u043e\u043b\u0436\u0435\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b [HTTPS](../Server_settings/Searchd.md#listen) \u0432\u043c\u0435\u0441\u0442\u043e HTTP.\n\n<!-- example CA 1 -->\n\n\u0427\u0442\u043e\u0431\u044b \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c HTTPS, \u0432 \u0441\u0435\u043a\u0446\u0438\u0438 [searchd](../Server_settings/Searchd.md) \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0434\u0432\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u044b, \u0438 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u0445\u043e\u0442\u044f \u0431\u044b \u043e\u0434\u0438\u043d [\u0441\u043b\u0443\u0448\u0430\u0442\u0435\u043b\u044c](../Server_settings/Searchd.md#listen) \u043d\u0430 `https`:\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) \u2014 \u0444\u0430\u0439\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) 
\u2014 \u0444\u0430\u0439\u043b \u043a\u043b\u044e\u0447\u0430\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0446\u0435\u043d\u0442\u0440\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442) \u0432:\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) \u2014 \u0444\u0430\u0439\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0446\u0435\u043d\u0442\u0440\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438\n\n<!-- intro -->\n##### \u0441 CA:\n\n<!-- request with CA -->\n\u041f\u0440\u0438\u043c\u0435\u0440 \u0441 CA:\n\nCODE_BLOCK_0\n\n<!-- request without CA -->\n\u041f\u0440\u0438\u043c\u0435\u0440 \u0431\u0435\u0437 CA:\n\nCODE_BLOCK_1\n<!-- end -->\n\n## \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f SSL-\u0444\u0430\u0439\u043b\u043e\u0432\n\n\u042d\u0442\u0438 \u0448\u0430\u0433\u0438 \u043f\u043e\u043c\u043e\u0433\u0443\u0442 \u0432\u0430\u043c \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c SSL-\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 'openssl'.\n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0426\u0435\u043d\u0442\u0440 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 
\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0441 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c (\u0431\u0435\u0437 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 CA).\n\n#### \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u043a\u043b\u044e\u0447\u0430 CA\n\nCODE_BLOCK_2\n\n#### \u0413\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 CA \u0438\u0437 \u043a\u043b\u044e\u0447\u0430 CA\n\n\u0427\u0442\u043e\u0431\u044b \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0430\u043c\u043e\u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 CA (\u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439) \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438\u0437 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 (\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0437\u0430\u043f\u043e\u043b\u043d\u0438\u0442\u0435 \u0445\u043e\u0442\u044f \u0431\u044b \"Common Name\"), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\n\nCODE_BLOCK_3\n\n#### \u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\n\n\u0421\u0435\u0440\u0432\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u044f\u0437\u0438 \u0441 
\u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c. \u0427\u0442\u043e\u0431\u044b \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e \u0432\u044b \u0437\u0430\u043f\u043e\u043b\u043d\u0438\u043b\u0438 \u0445\u043e\u0442\u044f \u0431\u044b \"Common Name\" \u0438 \u0447\u0442\u043e \u043e\u043d \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u043e\u0431\u0449\u0435\u0433\u043e \u0438\u043c\u0435\u043d\u0438 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430), \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b:\n\nCODE_BLOCK_4\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u0447\u0442\u043e \u0444\u0430\u0439\u043b\u044b \u043a\u043b\u044e\u0447\u0430 \u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0431\u044b\u043b\u0438 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432:\n\nCODE_BLOCK_5\n\n## \u041f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f\n\n\u041f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 
SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438:\n\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043c\u0443\u043b\u044c\u0442\u0438\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 (\u043a\u043e\u0433\u0434\u0430 [\u0442\u0438\u043f \u0441\u043b\u0443\u0448\u0430\u0442\u0435\u043b\u044f](../Server_settings/Searchd.md#listen) \u043d\u0435 \u0443\u043a\u0430\u0437\u0430\u043d) \u043f\u043e HTTPS \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b. \u041a\u0430\u043a \u0437\u0430\u043f\u0440\u043e\u0441, \u0442\u0430\u043a \u0438 \u043e\u0442\u0432\u0435\u0442 \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u044b \u043f\u043e SSL.\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c\u0443 HTTPS-\u043f\u043e\u0440\u0442\u0443 \u043f\u043e HTTP \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b. 
\u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043e (\u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043f\u043e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 HTTP \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d\u0430 \u0441 \u043a\u043e\u0434\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0438 400).\n * \u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a MySQL-\u043f\u043e\u0440\u0442\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e MySQL-\u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435. \u0421\u0435\u0441\u0441\u0438\u044f \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u0430. \u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e \u043a\u043b\u0438\u0435\u043d\u0442 `mysql` \u0432 Linux \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SSL, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0442\u0438\u043f\u0438\u0447\u043d\u043e\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a Manticore \u0441 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u043c. 
\u0412\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u044d\u0442\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 SQL-\u043a\u043e\u043c\u0430\u043d\u0434\u0443 'status' \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f.\n\n\u0415\u0441\u043b\u0438 \u0432\u0430\u0448\u0430 SSL-\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0435 \u043d\u0435\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u0430 (\u0447\u0442\u043e \u0434\u0435\u043c\u043e\u043d \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 \u043f\u043e \u0444\u0430\u043a\u0442\u0443 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435), \u043f\u043e\u043c\u0438\u043c\u043e \u043d\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u0438\u0447\u0438\u043d\u044b, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e SSL-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 \u0432\u043e\u043e\u0431\u0449\u0435. 
\u0412 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0449\u0438 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0438\u043b\u0438 \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0432 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435:\n\n* \u0412\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043c\u0443\u043b\u044c\u0442\u0438\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u043f\u043e HTTPS. \u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0437\u043e\u0440\u0432\u0430\u043d\u043e.\n* \u0412\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 `https`. HTTPS-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0437\u043e\u0440\u0432\u0430\u043d\u044b.\n* \u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u043f\u043e\u0440\u0442\u0443 `mysql` \u0447\u0435\u0440\u0435\u0437 MySQL-\u043a\u043b\u0438\u0435\u043d\u0442 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 SSL. \u0415\u0441\u043b\u0438 \u043a\u043b\u0438\u0435\u043d\u0442 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 SSL, \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0438\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u043e\u0439. 
\u0415\u0441\u043b\u0438 SSL \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0431\u044b\u0447\u043d\u043e\u0435 MySQL-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0441\u0436\u0430\u0442\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435.\n\n### \u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435:\n\n* \u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u043f\u043e \u0431\u0438\u043d\u0430\u0440\u043d\u043e\u043c\u0443 API (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u043e\u0442 \u0441\u0442\u0430\u0440\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u043b\u0438 \u043c\u0435\u0436\u0434\u0435\u043c\u043e\u043d\u043d\u0430\u044f \u0441\u0432\u044f\u0437\u044c master-agent) \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u044b.\n* SSL \u0434\u043b\u044f \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e. 
\u041e\u0434\u043d\u0430\u043a\u043e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0430\u043f SST \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0431\u0438\u043d\u0430\u0440\u043d\u043e\u0433\u043e API, \u043e\u043d \u0442\u0430\u043a\u0436\u0435 \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0451\u043d.\n* \u0412\u044b \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043f\u0440\u043e\u043a\u0441\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, SSH-\u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435) \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u043e\u0438\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439.\n<!-- proofread -->"
- },
- "is_code_or_comment": false,
- "model": "deepseek/deepseek-v3.2",
- "updated_at": 1766374212
- },
- "__meta": {
- "source_text": "# SSL\n\nIn many cases, you might want to encrypt traffic between your client and the server. To do that, you can specify that the server should use the [HTTPS protocol](../Server_settings/Searchd.md#listen) rather than HTTP.\n\n<!-- example CA 1 -->\n\nTo enable HTTPS, at least the following two directives should be set in the [searchd](../Server_settings/Searchd.md) section of the config, and there should be at least one [listener](../Server_settings/Searchd.md#listen) set to `https`\n\n* [ssl_cert](../Server_settings/Searchd.md#ssl_cert) certificate file\n* [ssl_key](../Server_settings/Searchd.md#ssl_key) key file\n\nIn addition to that, you can specify the certificate authority's certificate (aka root certificate) in:\n\n* [ssl_ca](../Server_settings/Searchd.md#ssl_ca) certificate authority's certificate file\n\n\n<!-- intro -->\n##### with CA:\n\n<!-- request with CA -->\nExample with CA:\n\n```ini\nssl_ca = ca-cert.pem\nssl_cert = server-cert.pem\nssl_key = server-key.pem\n```\n\n<!-- request without CA -->\nExample without CA:\n\n```ini\nssl_cert = server-cert.pem\nssl_key = server-key.pem\n```\n<!-- end -->\n\n## Generating SSL files\n\nThese steps will help you generate the SSL certificates using the 'openssl' tool.\n\nThe server can use a Certificate Authority to verify the signature of certificates, but it can also work with just a private key and certificate (without the CA certificate).\n\n#### Generate the CA key\n\n```bash\nopenssl genrsa 2048 > ca-key.pem\n```\n\n#### Generate the CA certificate from the CA key\n\nTo generate a self-signed CA (root) certificate from the private key (make sure to fill in at least the \"Common Name\"), use the following command:\n\n```bash\nopenssl req -new -x509 -nodes -days 365 -key ca-key.pem -out ca-cert.pem\n```\n\n#### Server Certificate\n\nThe server uses the server certificate to secure communication with the client. 
To generate the certificate request and server private key (ensure that you fill in at least the \"Common Name\" and that it is different from the root certificate's common name), execute the following commands:\n\n```bash\nopenssl req -newkey rsa:2048 -days 365 -nodes -keyout server-key.pem -out server-req.pem\nopenssl rsa -in server-key.pem -out server-key.pem\nopenssl x509 -req -in server-req.pem -days 365 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem\n```\n\nOnce completed, you can verify that the key and certificate files were generated correctly by running:\n\n```bash\nopenssl verify -CAfile ca-cert.pem server-cert.pem\n```\n\n## Secured connection behaviour\n\nWhen your SSL configuration is valid, the following features are available:\n\n * You can connect to the multi-protocol port (when no [listener type](../Server_settings/Searchd.md#listen) is specified) over HTTPS and run queries. Both the request and response will be SSL encrypted.\n * You can connect to the dedicated https port with HTTP and run queries. The connection will be secured (attempting to connect to this port via plain HTTP will be rejected with a 400 error code).\n * You can connect to the MySQL port with a MySQL client using a secured connection. The session will be secured. Note that the Linux `mysql` client tries to use SSL by default, so a typical connection to Manticore with a valid SSL configuration will most likely be secured. You can check this by running the SQL 'status' command after connecting.\n\nIf your SSL configuration is not valid for any reason (which the daemon detects by the fact that a secured connection cannot be established), apart from an invalid configuration there may be other reasons, such as the inability to load the appropriate SSL library at all. In this case, the following things will not work or will work in a non-secured manner:\n\n* You cannot connect to the multi-protocol port with HTTPS. 
The connection will be dropped.\n* You cannot connect to the dedicated `https` port. The HTTPS connections will be dropped\n* Connection to the `mysql` port via a MySQL client will not support SSL securing. If the client requires SSL, the connection will fail. If SSL is not required, it will use plain MySQL or compressed connections.\n\n### Caution:\n\n* Binary API connections (such as connections from old clients or inter-daemons master-agent communication) are not secured.\n* SSL for replication needs to be set up separately. However, since the SST stage of the replication is done through the binary API connection, it is not secured either.\n* You can still use any external proxies (e.g., SSH tunneling) to secure your connections.\n<!-- proofread -->\n\n",
- "updated_at": 1768530797,
- "source_md5": "7e1ebe22fd02aaba9871d9806341b8f4"
- }
- }
|