MySQL + SSL and X509 setup

03-28-2008
Steve
 

I am having some trouble getting secure connections to MySQL and I am
hoping that somebody can point out what I'm doing wrong or forgetting
to do.

I have followed http://dev.mysql.com/doc/refman/5.0/...ate-certs.html
to the letter for setting up SSL connections.

I can make an SSL connection with no X509:

iommi mysql # mysql --ssl-ca=/etc/svrkeys/mysql/ca-cert.pem -u user1 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.54-log Gentoo Linux mysql-5.0.54

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> \s
--------------
mysql Ver 14.12 Distrib 5.0.54, for pc-linux-gnu (x86_64) using readline 5.2

Connection id: 8
Current database:
Current user: user1@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: /usr/bin/less
Using outfile: ''
Using delimiter: ;
Server version: 5.0.54-log Gentoo Linux mysql-5.0.54
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 15 min 48 sec

Threads: 1 Questions: 21 Slow queries: 0 Opens: 14 Flush tables: 1 Open tables: 8 Queries per second avg: 0.022
--------------

However, when I try and use a certificate I get the following:

iommi mysql # mysql --ssl-ca=/etc/svrkeys/mysql/ca-cert.pem --ssl-cert=/etc/svrkeys/mysql/client-cert.pem --ssl-key=/etc/svrkeys/mysql/client-key.pem -u user1 -p
Enter password:
ERROR 2026 (HY000): SSL connection error
iommi mysql #

user1 was created with the REQUIRE SSL option. I created a second
user with the REQUIRE X509 option and get the same results (only I can
not connect either way).

I also am unable to connect via MySQL Administrator from a Windows
box. I downloaded the ca-cert.pem to my box and added the SSL_CA and
USE_SSL variables under advanced options (I used a / and now a \) and
it refused to connect period.

The hostname when I created the user is % so I should be able to
connect from anywhere. I have connected via the command line client
(with user1) from another GNU/Linux box as well.

Any help would be appreciated.
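The following is an added example, not part of the original post or of the MySQL manual: offline OpenSSL checks on the three files passed as --ssl-ca, --ssl-cert and --ssl-key when a client-certificate connection fails as shown above. The function names, the status words and the throwaway demo certificates are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Offline checks on the files
# passed to mysql as --ssl-ca, --ssl-cert and --ssl-key.
# Prints one status word; returns 0 only when the status is "ok".
check_client_certs() {
    ca=$1; cert=$2; key=$3
    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "key-mismatch"; return 1
    fi
    # 2. The client certificate must not carry the CA's own name. This
    #    compares whole subject lines, a simplification of a per-CN check.
    ca_subj=$(openssl x509 -in "$ca" -noout -subject 2>/dev/null)
    cert_subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null)
    if [ "$ca_subj" = "$cert_subj" ]; then
        echo "same-subject-as-ca"; return 1
    fi
    # 3. The certificate must chain to the CA. Match the "OK" line rather than
    #    the exit status, which older OpenSSL releases leave at 0 on failure.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "chain-fail"; return 1
    fi
    echo "ok"
}

# Constructed sample data: a throwaway CA, a client certificate signed by it,
# and an unrelated private key, all written to the directory given as $1.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo client" \
        -keyout "$dir/client-key.pem" -out "$dir/client-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/client-req.pem" -days 1 -set_serial 1 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" \
        -out "$dir/client-cert.pem" 2>/dev/null &&
    openssl genrsa -out "$dir/other-key.pem" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
check_client_certs "$demo_dir/ca-cert.pem" "$demo_dir/client-cert.pem" \
    "$demo_dir/client-key.pem"
```

Against real files, call check_client_certs with the same three paths given to the mysql client; a status other than "ok" names the first check that failed.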