
Help with MySQL over SSL
Posted by: Mike Burgoon
Date: June 29, 2010 03:43PM

I have been struggling to get MySQL over SSL going for about two weeks now and looking for ANY help. Here is what I've done so far:

1) Compiled and installed MySQL with SSL support. This command/result should help prove this:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 771
Server version: 5.0.90-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like '%ssl%';
+---------------+----------------------------------------+
| Variable_name | Value                                  |
+---------------+----------------------------------------+
| have_openssl  | YES                                    |
| have_ssl      | YES                                    |
| ssl_ca        | /usr/local/var/private/ca-cert.pem     |
| ssl_capath    |                                        |
| ssl_cert      | /usr/local/var/private/server-cert.pem |
| ssl_cipher    |                                        |
| ssl_key       | /usr/local/var/private/server-key.pem  |
+---------------+----------------------------------------+
7 rows in set (0.00 sec)

Notice the 'YES' values for 'have_openssl' and 'have_ssl'.

2) I have generated my own CA, client and server certificates and keys. I used different 'common names' for the CA and server/client certs.

3) I updated my server my.cnf file to point to the proper locations of the items I created noted in #2 above. Here is my my.cnf file from my MySQL server (notice last 3 entries):

[mysqld]
user            = mysql
port            = 3306
socket          = /tmp/mysql.sock
log             = /usr/local/var/logs/access_log
log-slow-queries= /usr/local/var/logs/slow_log
tmpdir          = /usr/tmp
enable-locking
skip-name-resolve
skip-host-cache
old-passwords
set-variable    = max_connections=500
set-variable    = max_connect_errors=100
set-variable    = back_log=128
set-variable    = max_allowed_packet=1M
set-variable    = wait_timeout=500
set-variable    = table_cache=128
set-variable    = key_buffer=128M
set-variable    = sort_buffer=512K
set-variable    = record_buffer=512K
set-variable    = query_cache_size=16M
log-error       = /usr/local/var/logs/mysqld.err
ssl-ca          = /usr/local/var/private/ca-cert.pem
ssl-cert        = /usr/local/var/private/server-cert.pem
ssl-key         = /usr/local/var/private/server-key.pem

4) I connect to the MySQL server using the following command from a shell (I obviously enter the proper host, username, password below along with the proper location of client key/cert):

mysql -hHOSTHERE -uUSERHERE -p DBNAMEHERE --ssl --ssl-ca=/usr/home/sslkeys/ca-cert.pem --ssl-cert=/usr/home/sslkeys/client-cert.pem --ssl-key=/usr/home/sslkeys/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA

The system then prompts for a password, which I enter and it connects successfully. No errors, everything SEEMS to work properly.

5) I attempt to verify that my connection is using SSL with the '\s' command; as you can see, it is NOT using SSL (I removed the IP from the output below):

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 776
Server version: 5.0.90-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
mysql  Ver 14.12 Distrib 5.0.90, for unknown-freebsd7.2 (i386) using  EditLine wrapper

Connection id:          776
Current database:       DATABASE NAME HERE
Current user:           user@IPHERE
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.0.90-log Source distribution
Protocol version:       10
Connection:             IPHERE via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
TCP port:               3306
Uptime:                 23 hours 27 min 15 sec

Threads: 1  Questions: 2267  Slow queries: 0  Opens: 18  Flush tables: 2  Open tables: 3  Queries per second avg: 0.027
--------------

I've spent weeks trying to get this to work. I'm not getting any connection errors, nothing in the logs. The connection is made... just not one using SSL. Thanks to anyone who can provide any information.
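Because the post's `\s` output shows a session that connected without error yet carries no SSL, the script below is an added example (not from the original post) of checking the three places a silent fallback can hide: the server's certificate material, the server's own view of the current session, and the account's privileges. The server paths are the post's; the client account name, the client key location under `$HOME/sslkeys`, and an RSA key (as the post's DHE-RSA cipher implies) are assumptions, and the client switches are the 5.0-era `--ssl` ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a MySQL 5.0 session
# is really encrypted instead of trusting the client's --ssl switch.
# Assumptions: the server-side paths (from the post), an RSA server key, and a
# hypothetical client account 'sslcheck' with its key/cert under $HOME/sslkeys.

CA=/usr/local/var/private/ca-cert.pem
SERVER_CERT=/usr/local/var/private/server-cert.pem
SERVER_KEY=/usr/local/var/private/server-key.pem

# 1. Does the server material fit together? The server cert must chain to
#    ssl-ca, and ssl-key must be the private key belonging to ssl-cert.
check_server_certs() {
    openssl verify -CAfile "$CA" "$SERVER_CERT" >/dev/null || return 1
    cert_mod=$(openssl x509 -noout -modulus -in "$SERVER_CERT")
    key_mod=$(openssl rsa -noout -modulus -in "$SERVER_KEY")
    [ "$cert_mod" = "$key_mod" ]
}

# 2. Ask the server about *this* session: Ssl_cipher is empty on a plaintext
#    connection and names the cipher when one was negotiated. Reads the
#    --batch (tab-separated) output of SHOW STATUS LIKE 'Ssl_cipher' on stdin.
ssl_in_use() {
    awk -F'\t' '$1 == "Ssl_cipher" && $2 != "" { ok = 1 } END { if (ok) exit 0; exit 1 }'
}

# Same check against a live server (host and user as arguments, password prompted).
session_is_encrypted() {
    mysql --batch -h"$1" -u"$2" -p --ssl --ssl-ca="$CA" \
        --ssl-cert="$HOME/sslkeys/client-cert.pem" \
        --ssl-key="$HOME/sslkeys/client-key.pem" \
        -e "SHOW STATUS LIKE 'Ssl_cipher'" | ssl_in_use
}

# 3. Enforce on the server side: with REQUIRE SSL the account's plaintext
#    logins are refused, so a silent fallback fails loudly instead.
require_ssl_grant() {
    printf "GRANT USAGE ON *.* TO '%s'@'%s' REQUIRE SSL;\n" "$1" "$2"
}

# Constructed sample status output for trying ssl_in_use offline.
ENCRYPTED_SAMPLE=$(printf 'Variable_name\tValue\nSsl_cipher\tDHE-RSA-AES256-SHA\n')
PLAINTEXT_SAMPLE=$(printf 'Variable_name\tValue\nSsl_cipher\t\n')

if printf '%s\n' "$PLAINTEXT_SAMPLE" | ssl_in_use; then
    echo "sample session is encrypted"
else
    echo "sample session is plaintext; after check_server_certs, apply:"
    require_ssl_grant sslcheck '%'
fi
```

Run `session_is_encrypted HOST USER` against the real server: a non-zero exit means the server itself reports no cipher for the session, whatever the client flags said.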
