linux
Ka4a, 2015-11-01 17:20:50

mysql ssl replication not working, why?

Greetings, colleagues. I decided to set up an SSL connection between the master and the slave, and I have now been fighting with it for half a day. So, we have:
Master - 4.0.5-gentoo, mysql 5.6.26.

have_openssl   YES
have_ssl       YES
ssl_ca         /etc/mysql/ssl-mysql/ca-cert.pem
ssl_cert       /etc/mysql/ssl-mysql/server-cert.pem
ssl_key        /etc/mysql/ssl-mysql/server-key.pem

Slave - Ubuntu 12.04, mysql 5.6.27
Master_SSL_Allowed: No
Master_SSL_CA_File: /etc/mysql/ssl-mysql/ca-cert.pem
Master_SSL_Cert: /etc/mysql/ssl-mysql/client-cert.pem
Master_SSL_Key: /etc/mysql/ssl-mysql/client-key.pem

I created the certificates on Gentoo. Replication currently works and everything is OK. But when I run
CHANGE MASTER TO MASTER_SSL=1
I get this in the slave's logs:
SSL error: Unable to get certificate from '/etc/mysql/ssl-mysql/client-cert.pem'
[ERROR] Slave I/O: error connecting to master '[email protected]:3306' - retry-time: 60  retries: 1, Error_code: 2026

ls -al
total 20
drwxr-xr-x 2 mysql mysql 4096 Oct 30 00:06 .
drwxr-xr-x 5 root  root  4096 Nov  1 17:22 ..
-rwxr--r-- 1 mysql mysql 1229 Oct 30 13:51 ca-cert.pem
-rwxr--r-- 1 mysql mysql 1123 Oct 30 13:53 client-cert.pem
-rwxr--r-- 1 mysql mysql 1708 Oct 30 13:52 client-key.pem

I did everything according to the HowTo article


2 answer(s)
Ka4a, 2015-11-03
@ka4a

In general, I figured out the problem myself.
1. The certificates must be in the old PKCS#1 format.
2. The permissions on the certificates and on the folder they are in must belong to the user mysql runs as, in my case (mysql). Even if the keys are in /etc/mysql/ssl, you still need to give that user the rights. I checked it like this:
sudo -u mysql mysql -h 1.2.3.4 --ssl-ca=/etc/mysql/ssl-mysql/ca-cert.pem --ssl-cert=/etc/mysql/ssl-mysql/client-cert.pem --ssl-key=/etc/mysql/ssl-mysql/client-key.pem -u replica -p
Thanks to Andrey for the Ask Ubuntu link; I found the answer there.

Andrew, 2015-11-02
@drevil

Run
file /etc/mysql/ssl-mysql/client-cert.pem
If the file exists, check it with openssl.
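Added example, not code from the thread or from either answer: a POSIX shell script that performs the checks both answers describe (the file inspection with openssl that Andrew suggests, and the PKCS#1 key format and mysql-user readability checks that Ka4a lists), plus the cert/key/CA consistency checks a practitioner would want before flipping MASTER_SSL=1. It assumes the openssl command-line tool and, for the readability check only, passwordless sudo; the directory layout, file names and the "replica" common name are taken from the question, and make_demo_pki builds a throwaway CA and client pair (constructed data) so the checks can be exercised offline.

```sh
#!/bin/sh
# Pre-flight checks for the client-side SSL files a MySQL slave uses.
# Added example for this thread, not the author's script. Needs the openssl
# CLI. Paths, file names and the "replica" CN are assumptions from the question.

# Classify a PEM private key by its first line. MySQL built with the bundled
# yaSSL (as in 5.6) loads only the PKCS#1 "RSA PRIVATE KEY" form; "PRIVATE KEY"
# is PKCS#8, which modern openssl emits by default.
key_format() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Rewrite a key into PKCS#1. "openssl pkey -traditional" (OpenSSL >= 1.1.0)
# does this on every release; plain "openssl rsa" stopped doing so in 3.0.
# Fails if the result is still not PKCS#1.
to_pkcs1() {
    openssl pkey -in "$1" -traditional -out "$2" 2>/dev/null || return 1
    [ "$(key_format "$2")" = pkcs1 ]
}

# True if the certificate's public key equals the private key's public half.
# Works for PKCS#1 and PKCS#8 keys alike, so it is safe to run before converting.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# True if the certificate chains to the CA file the slave is configured with.
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# MySQL also rejects a client certificate whose subject equals the CA's subject.
subject_differs_from_ca() {
    [ "$(openssl x509 -in "$1" -noout -subject 2>/dev/null)" != \
      "$(openssl x509 -in "$2" -noout -subject 2>/dev/null)" ]
}

# The readability test from the answer, without starting a client: can the
# service account actually open each file? Assumes passwordless sudo.
readable_by_user() {
    user=$1; shift
    for f in "$@"; do
        sudo -n -u "$user" test -r "$f" || { echo "not readable by $user: $f" >&2; return 1; }
    done
}

# Throwaway PKI for offline testing (constructed data, 1-day validity).
# genpkey deliberately yields a PKCS#8 client key, the failing case.
make_demo_pki() {
    d=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/ca-key.pem" 2>/dev/null
    openssl req -x509 -new -key "$d/ca-key.pem" -subj "/CN=demo-ca" -days 1 \
        -out "$d/ca-cert.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/client-key.pem" 2>/dev/null
    openssl req -new -key "$d/client-key.pem" -subj "/CN=replica" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" \
        -CAcreateserial -days 1 -out "$d/client-cert.pem" 2>/dev/null
}

# Run every check against a directory laid out like /etc/mysql/ssl-mysql.
# Usage: sh mysql-ssl-check.sh check /etc/mysql/ssl-mysql mysql
check_dir() {
    dir=$1; user=$2; rc=0
    ca="$dir/ca-cert.pem"; cert="$dir/client-cert.pem"; key="$dir/client-key.pem"
    fmt=$(key_format "$key")
    [ "$fmt" = pkcs1 ] || { echo "$key is $fmt, not PKCS#1; run: openssl pkey -in $key -traditional -out $key.pkcs1"; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "$cert does not match $key"; rc=1; }
    cert_signed_by_ca "$ca" "$cert" || { echo "$cert is not signed by $ca"; rc=1; }
    subject_differs_from_ca "$cert" "$ca" || { echo "$cert has the same subject as the CA"; rc=1; }
    readable_by_user "$user" "$ca" "$cert" "$key" || rc=1
    return $rc
}

if [ "${1:-}" = check ]; then
    check_dir "$2" "${3:-mysql}"
fi
```

Run it as "sh mysql-ssl-check.sh check /etc/mysql/ssl-mysql mysql" on the slave; each failing check prints one line, and a PKCS#8 key is reported together with the conversion command. The public-key comparison is used instead of comparing RSA moduli so the same check works for any key type, and the PKCS#1 conversion goes through "openssl pkey -traditional" because that flag behaves the same on OpenSSL 1.1 and 3.x.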
