SSL with CA issued certs - errors


Release: percona-server-server-5.5 1:5.5.37-rel35.0-657.precise
Openssl: openssl 1.0.1-4ubuntu5.13

We’re setting up MySQL for eventual ODBC connections, security requirement is over SSL. This tests correctly with self-generated certs but switching to real ISP generated certs errors. Simplest we should be able to do is;

ssl-ca=/etc/mysql/certs/intermediate.pem - the CA’s interm cert
ssl-cert=/etc/mysql/certs/our_realcert.pem - our real signed cert
ssl-key=/etc/mysql/certs/our_realcert_key.pem - real certs key

The cert & key’s MD5 sums are both correct & the whole chain has been verified in an Apache setup
We’re testing correct connection with workbench initially , the real certs error with “SSL connection error: ASN: bad other signature confirmation” & self generated certs are OK.

Does anyone have experience of ‘real’ certs or can illuminate this error?


Resolved, switching back to standard MySQL with the identical configuration works.
Can only assume an issue with percona-server-server-5.5 1:5.5.37-rel35.0-657.precise or the client