Trouble Connecting 2nd Node in Percona XtraDB Cluster – “certificate signature failure” (SSL)
Hi community,
I’m setting up a 2-node Percona XtraDB Cluster (PXC 8.0.34) with SSL-based Galera cluster encryption.
Node 1:
Running fine with:
/etc/mysql/ssl/server-key.pem and server-cert.pem
CA signed with ca.pem, ca-key.pem
Cluster size shows as 1
SSL key and cert verified via:
openssl rsa -noout -modulus -in server-key.pem | openssl md5
openssl x509 -noout -modulus -in server-cert.pem | openssl md5
openssl verify -CAfile ca.pem server-cert.pem
Node 2:
Certificates created using:
openssl req -newkey rsa:4096 …
openssl x509 -req -CA ca.pem -CAkey ca-key.pem …
Correctly placed in /etc/mysql/ssl/, ownership and permissions set.
But MySQL fails to start on Node 2 with:
Galera: Failed to establish connection: data too large for modulus: certificate signature failure
wsrep.cnf (common for both nodes):
[mysqld]
wsrep_provider = /usr/lib/galera4/libgalera_smm.so
wsrep_cluster_name = mycluster
wsrep_cluster_address = gcomm://<node1_ip>
wsrep_node_address = <respective_ip>
wsrep_node_name = <node_name>
pxc-encrypt-cluster-traffic=ON
…
[sst]
ssl-ca = /etc/mysql/ssl/ca.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key = /etc/mysql/ssl/server-key.pem
[xtrabackup]
ssl-ca = /etc/mysql/ssl/ca.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key = /etc/mysql/ssl/server-key.pem
What I’ve Tried:
Regenerated certs with 2048-bit keys on Node 2 (same CA).
Verified cert/key pair on both nodes.
Ensured same CA files are in use.
Restarted MySQL after full cleanup.
Still getting:
certificate signature failure / data too large for modulus
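
The checks listed in the post run on one node at a time. As an added example (not part of the original post or of Percona's tooling), the script below also compares the CA file between nodes and verifies a node certificate under a second CA file, since OpenSSL reports "certificate signature failure" when a certificate's signature does not verify under the issuer key it was given. The function names and the throwaway demo certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-node and cross-node certificate checks for cluster TLS.

# SHA-256 fingerprint of a certificate file (identifies the exact CA in use).
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Hash of the public key inside a certificate / derived from a private key.
cert_pub() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }
key_pub()  { openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'; }

# check_node CA CERT KEY: returns 0 only if KEY matches CERT and CERT verifies under CA.
check_node() {
  local ca=$1 cert=$2 key=$3 rc=0
  [ "$(cert_pub "$cert")" = "$(key_pub "$key")" ] ||
    { echo "FAIL: $key does not match $cert"; rc=1; }
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert does not verify under $ca"; rc=1; }
  return "$rc"
}

# same_ca CA_A CA_B: returns 0 only if both files hold the identical certificate.
same_ca() { [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; }

# Constructed sample input: two throwaway CAs with the same subject but
# different keys, and one node certificate signed by the first CA.
make_demo() {
  local d=$1 n
  for n in A B; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
      -keyout "$d/ca$n-key.pem" -out "$d/ca$n.pem" 2>/dev/null
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=node2" \
    -keyout "$d/node-key.pem" -out "$d/node.csr" 2>/dev/null
  openssl x509 -req -in "$d/node.csr" -CA "$d/caA.pem" -CAkey "$d/caA-key.pem" \
    -CAcreateserial -days 1 -out "$d/node-cert.pem" 2>/dev/null
}

# Run with the argument "demo" to exercise the checks on the constructed files.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && make_demo "$d"
  check_node "$d/caA.pem" "$d/node-cert.pem" "$d/node-key.pem" && echo "OK under signing CA"
  check_node "$d/caB.pem" "$d/node-cert.pem" "$d/node-key.pem" || echo "rejected under look-alike CA"
  same_ca "$d/caA.pem" "$d/caB.pem" || echo "CA files differ despite identical subject"
  rm -rf "$d"
fi
```

On real nodes, run `check_node /etc/mysql/ssl/ca.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/server-key.pem` on each node and compare the output of `cert_fp /etc/mysql/ssl/ca.pem` between them.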