Use a command-line client such as MySQL Shell or MySQL Client to create a correctly configured replication user with appropriate privileges on the source server.

1. Open MySQL Shell and connect to the MySQL source server.
2. Run the following command in the SQL execution mode to create a replication user, and to permit only encrypted connections for all accounts named by the statement. In this example, the username for the replication user is rpluser001:

   CREATE USER rpluser001@'%' IDENTIFIED BY 'password' REQUIRE SSL;

   The password must be between 8 and 32 characters and contain at least one numeric character, one special character, one uppercase, and one lowercase character. If the username contains any special characters, such as a space or hyphen, it must also be surrounded by quotes, for example:

   CREATE USER 'rpl-user'@'%' IDENTIFIED BY 'password' REQUIRE SSL;

   Note
   
   If the replica DB system is running MySQL 9.0 or higher and the source server has set the default_authentication_plugin to mysql_native_password, ensure that the replication user is created with the caching_sha2_password authentication method.

   CREATE USER rpluser001@'%' IDENTIFIED WITH 'caching_sha2_password' BY 'password' REQUIRE SSL;

3. Run the following command to grant the REPLICATION SLAVE privilege to the new replication user, rpluser001 in this example:

   GRANT REPLICATION SLAVE on *.* to rpluser001@'%';