diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md index fd3dec537ad1c..d68b68e0c7c6a 100644 --- a/enable-tls-between-clients-and-servers.md +++ b/enable-tls-between-clients-and-servers.md @@ -34,14 +34,14 @@ Similar to MySQL, TiDB allows TLS and non-TLS connections on the same TCP port. ## Configure TiDB server to use secure connections -See the following desrciptions about the related parameters to enable secure connections: +See the following descriptions about the related parameters to enable secure connections: - [`auto-tls`](/tidb-configuration-file.md#auto-tls): enables automatic certificate generation (since v5.2.0) - [`ssl-cert`](/tidb-configuration-file.md#ssl-cert): specifies the file path of the SSL certificate - [`ssl-key`](/tidb-configuration-file.md#ssl-key): specifies the private key that matches the certificate - [`ssl-ca`](/tidb-configuration-file.md#ssl-ca): (optional) specifies the file path of the trusted CA certificate -`auto-tls` allows secure connections but does not provide client certificate validation. For certificate validation, and to control how certificates are generated, see the advice on configuring the `ssl-cert`, `ssl-key` and `ssl-ca` variables below. +`auto-tls` allows secure connections but does not provide client certificate validation. For certificate validation, and to control how certificates are generated, see the advice on configuring the `ssl-cert`, `ssl-key` and `ssl-ca` variables below. To enable secure connections with your own certificates in the TiDB server, you must specify both of the `ssl-cert` and `ssl-key` parameters in the configuration file when you start the TiDB server. You can also specify the `ssl-ca` parameter for client authentication (see [Enable authentication](#enable-authentication)). @@ -49,7 +49,7 @@ All the files specified by the parameters are in PEM (Privacy Enhanced Mail) for If the certificate parameters are correct, TiDB outputs `secure connection is enabled` when started; otherwise, it outputs `secure connection is NOT ENABLED`. -For TiDB versions earlier than v5.2.0, you can use `mysql_ssl_rsa_setup --datadir=./certs` to generate certficates. The `mysql_ssal_rsa_setup` tool is a part of MySQL Server. +For TiDB versions earlier than v5.2.0, you can use `mysql_ssl_rsa_setup --datadir=./certs` to generate certficates. The `mysql_ssl_rsa_setup` tool is a part of MySQL Server. ## Configure the MySQL client to use encrypted connections @@ -163,7 +163,7 @@ To replace the certificate, the key or CA, first replace the corresponding files The newly loaded certificate, key, and CA take effect on the connection that is established after the statement is successfully executed. The connection established before the statement execution is not affected. -## Montoring +## Monitoring Since TiDB v5.2.0, you can use the `Ssl_server_not_after` and `Ssl_server_not_before` status variables to monitor the start and end dates of the validity of the certificate.