Not the answer you need?
Register and ask your own question!

SSL on Percona Mysql

KunalMKunalM EntrantInactive User Role Beginner
Hello Team,

I having issue connecting MySQL over SSL and I am getting below error.
Can someone assist ?

[[email protected] mysql-ssl]# mysql --ssl-ca=/etc/mysql-ssl/ca-cert.pem --ssl-cert=/etc/mysql-ssl/client-cert.pem --ssl-key=/etc/mysql-ssl/client-key.pem -hEC-VMA.modeldns.com.au -uecuser_appusr -p
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
[[email protected] mysql-ssl]#

NOTE:
ec-vma.modeldns.com.au (Master) and crm-app is a client.

===
[[email protected] ~]# cat /etc/my.cnf
[mysqld]
innodb_file_per_table=1
[client]
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/client-cert.pem
ssl-key=/etc/mysql-ssl/client-key.pem
You have new mail in /var/spool/mail/root
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# cd /etc/mysql-ssl/
[[email protected] mysql-ssl]# ll -sh
total 16K
4.0K -rw-r--r-- 1 root root 1.2K Nov 4 23:33 ca-cert.pem
4.0K -rw-r--r-- 1 root root 1.3K Nov 4 23:23 ca-cert.pem.s
4.0K -rw-r--r-- 1 root root 1.2K Nov 4 23:23 client-cert.pem
4.0K -rw-r--r-- 1 root root 1.7K Nov 4 23:24 client-key.pem
0 -rw-r--r-- 1 root root 0 Nov 4 23:20 server-cert.pem
[[email protected] mysql-ssl]#
===

REF:http://xmodulo.com/enable-ssl-mysql-server-client.html

-Regards
Kunal Modi

Comments

  • jriverajrivera Percona Support Engineer Percona Staff Role
    If you have latest OpenSSL version installed you need to upgrade to at least 5.5.45 or 5.6.26 which has a fix for the bug https://bugs.mysql.com/bug.php?id=77275

    Second, make sure the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate.

    Follow this link to create SSL certificates/keys http://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html
  • KunalMKunalM Entrant Inactive User Role Beginner
    Thanks for your suggestion.

    I have tired upgrading Percona server to latest 5.6.27 but issue persist.
    Not sure where is actual issue.

    Same certificate is working for other servers which are not percona mysql server ( So I dont think issue Common Name value )

    Do we have any other suggestion.

    -Regards
    Kunal Modi
  • KunalMKunalM Entrant Inactive User Role Beginner
    Hello Team

    Can someone please assist.
    It will be of great help.

    -Regards
    Kunal Modi
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.