Clearly, I have one of these SSL config lines wrong, but I can’t figure out which one.
various troubleshooting results pasted below (CAUTION:LONG)
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/client-cert.pem
ssl-key=/etc/mysql/certs/client-key.pem
or:
encrypt=4
ssl-ca=ca.pem
ssl-key=server-key.pem
ssl-cert=server-cert.pem
Provide the full paths. Make sure ‘mysql’ user can read all files. Make sure others cannot read the key.
[root@SQL1 certs]# pwd
/etc/mysql/certs
[root@SQL1 certs]# ll …
drwxr-xr-x. 3 root root 19 Jul 19 22:42 .
drwxr-xr-x. 113 root root 8192 Jul 21 22:38 …
drwxr-xr-x. 5 mysql mysql 229 Jul 21 20:36 certs
[root@SQL1 certs]# ll
drwxr-xr-x. 5 mysql mysql 229 Jul 21 20:36 .
drwxr-xr-x. 3 root root 19 Jul 19 22:42 …
-rw-------. 1 mysql mysql 1679 Jul 21 20:36 server-key.pem
-rw-r–r–. 1 mysql mysql 1151 Jul 21 20:36 server-cert.pem
-rw-r–r–. 1 mysql mysql 980 Jul 21 20:36 client-req.pem
-rw-------. 1 mysql mysql 1675 Jul 21 20:36 client-key.pem
-rw-r–r–. 1 mysql mysql 1151 Jul 21 20:36 client-cert.pem
-rw-r–r–. 1 mysql mysql 1306 Jul 21 20:36 ca.pem
-rw-r–r–. 1 mysql mysql 1679 Jul 21 20:36 ca-key.pem
-rw-r–r–. 1 mysql mysql 980 Jul 21 20:36 server-req.pem
[root@SQL1 certs]#
I copied these keys to /var/lib/mysql:
[root@SQL1 certs]# for x in $(ls *.pem) ; do locate $x ; done
/etc/mysql/certs/ca-key.pem
/var/lib/mysql/ca-key.pem
/etc/mysql/certs/ca.pem
/var/lib/mysql/ca.pem
/etc/mysql/certs/client-cert.pem
/var/lib/mysql/client-cert.pem
/etc/mysql/certs/client-key.pem
/var/lib/mysql/client-key.pem
/etc/mysql/certs/client-req.pem
/etc/mysql/certs/private_key.pem
//var/lib/mysql/private_key.pem
/etc/mysql/certs/public_key.pem
/var/lib/mysql/public_key.pem
/etc/mysql/certs/server-cert.pem
/var/lib/mysql/server-cert.pem
/etc/mysql/certs/server-key.pem
/var/lib/mysql/server-key.pem
/etc/mysql/certs/server-req.pem
[root@SQL1 certs]#
Or should they be links? ln -s?
You don’t need the certs in 2 places. Pick one location or the other. After you do that, what does MySQL say when you start the node?
Sorry I didn’t get back to you. They work now. Thanks!
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2024 Percona LLC. All rights reserved.