Re: MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem'
Date: January 02, 2011 02:50AM
OK, I've found the problem. MySQL Server didn't like the header/footer lines in the PEM encoded key file.
Details: There is a slight (and trivial) difference between a PEM encoded private key file that is Generated by the 'openssl genrsa' command versus a PEM encoded private key file that is Extracted from an existing combined cert/key file with the 'openssl pkey' command. Qualification: the combined cert/key file was a PEM encoded file that was converted from a PFX format file issued by a Microsoft Certificate Services server.
The difference between the openssl Generated versus Extracted key file is simply in the text header and footer lines (see below).
'openssl genrsa' generated key output:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
'openssl pkey' extracted key output:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Note that the 'openssl genrsa' Generated key output includes ' RSA' in the text header and footer lines, whereas the 'openssl pkey' Extracted key output does not include ' RSA'.
Adding ' RSA' after BEGIN and END in the header and footer lines of the PEM encoded private key file solved the problem--MySQL Server now loads the private key and enables SSL.
Hard to believe that could be the source of so much trouble!
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.