Hey everyone,
we got the xtradb cluster now running for a few weeks but we wanted to renew the whole ca/certs (all server and client certs) cause we will use the CA of our OPNsense in the future.
So i created a new CA which i deployed to every server and client and created a server certificate/key for every server and a client certificate/key for every client.
I’ve shut down everything (its a testlab, thats why so hard), replaced the server and client certs and tried to bootstrap the cluster again.
So i started mysql@bootstrap on node 1 and tried to start mysql.service on node 2, but the logs of node 1 showing:
Handshake failed: certificate verify failed: unsuitable certificate purpose
So i checked the CA, Server cert and client cert and everything seems fine. They do not differ (technically) from the ones i used before which creation is described here:
Does someone knows what the message means or how i can dig deeper to the root cause?
Best regards