SSL on Percona Mysql

KunalM · November 17, 2015, 12:46am

Hello Team,

I having issue connecting MySQL over SSL and I am getting below error.
Can someone assist ?

[root@crm-app mysql-ssl]# mysql --ssl-ca=/etc/mysql-ssl/ca-cert.pem --ssl-cert=/etc/mysql-ssl/client-cert.pem --ssl-key=/etc/mysql-ssl/client-key.pem -hEC-VMA.modeldns.com.au -uecuser_appusr -p
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
[root@crm-app mysql-ssl]#

NOTE:
ec-vma.modeldns.com.au (Master) and crm-app is a client.

===
[root@crm-app ~]# cat /etc/my.cnf
[mysqld]
innodb_file_per_table=1
[client]
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/client-cert.pem
ssl-key=/etc/mysql-ssl/client-key.pem
You have new mail in /var/spool/mail/root
[root@crm-app ~]#
[root@crm-app ~]#
[root@crm-app ~]#
[root@crm-app ~]# cd /etc/mysql-ssl/
[root@crm-app mysql-ssl]# ll -sh
total 16K
4.0K -rw-r–r-- 1 root root 1.2K Nov 4 23:33 ca-cert.pem
4.0K -rw-r–r-- 1 root root 1.3K Nov 4 23:23 ca-cert.pem.s
4.0K -rw-r–r-- 1 root root 1.2K Nov 4 23:23 client-cert.pem
4.0K -rw-r–r-- 1 root root 1.7K Nov 4 23:24 client-key.pem
0 -rw-r–r-- 1 root root 0 Nov 4 23:20 server-cert.pem
[root@crm-app mysql-ssl]#

REF:[url]http://xmodulo.com/enable-ssl-mysql-server-client.html[/url]

-Regards
Kunal Modi

jrivera · November 18, 2015, 3:00am

If you have latest OpenSSL version installed you need to upgrade to at least 5.5.45 or 5.6.26 which has a fix for the bug [url]MySQL Bugs: #77275: Newest RHEL/CentOS openssl update breaks mysql DHE ciphers

Second, make sure the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate.

Follow this link to create SSL certificates/keys [url]http://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html[/url]

KunalM · November 20, 2015, 6:56am

Thanks for your suggestion.

I have tired upgrading Percona server to latest 5.6.27 but issue persist.
Not sure where is actual issue.

Same certificate is working for other servers which are not percona mysql server ( So I dont think issue Common Name value )

Do we have any other suggestion.

-Regards
Kunal Modi

KunalM · November 23, 2015, 10:54pm

Hello Team

Can someone please assist.
It will be of great help.

-Regards
Kunal Modi

Topic		Replies	Views
SSL with CA issued certs - errors Other MySQL® Questions	1	693	May 15, 2014
SSL connection error : certificate verify failed, [Galera] Handshake failed Percona XtraDB Cluster 8.x	6	1694	August 12, 2022
SSL Connections with 5.5.33 Other MySQL® Questions	1	2985	October 16, 2013
Better ssl management for schema-change tool? Polyglot Projects	5	1952	January 26, 2021
Some authentication plugins will not work Other MySQL® Questions	0	2538	July 19, 2018

SSL on Percona Mysql

Related topics