MySQL Forums
Forum List  »  Newbie

SSL connection problem.
Posted by: Rome Petruca
Date: February 02, 2022 07:11AM

Need help, please
I have configured a mysql 5.7 server, on ubuntu 20.04 with ssl connection.

MySQL console:

$create user 'test'@'%' require ssl;
$alter user 'test'@'%s' identified by 'XXX';
$grant all privileges on *.* to 'test'@%';

I have created certificates.
Restarting server.

mysql> SHOW GLOBAL VARIABLES LIKE '%ssl%';
+---------------+--------------------------------+
| Variable_name | Value |
+---------------+--------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql-ssl/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql-ssl/server-cert.pem |
| ssl_cipher | DHE-RSA-AES256-SHA |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | /etc/mysql-ssl/server-key.pem |
+---------------+--------------------------------+
9 rows in set (0.00 sec)

When i'm trying to connect:

$mysql -u test -pXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using password: YES)

is normal, need certificates.

with certificates

$mysql -u test -pXXX --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

You are enforcing ssl conection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.
mysql>

Is ok.
Again:

$mysql -u test -h localhost -p123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using password: YES)

$ mysql -u test -h localhost -pXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using password: YES)

With certificates:

[romeo@romeo-das ssl_cert]$ mysql -u test -h localhost -pXXX --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

You are enforcing ssl conection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.
mysql>

Now the problem:

$mysql -u test -h 127.0.0.1 -pXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Is connect without ssl certificates.

$mysql -u test -h XXX.XXX.XXX.XXX -pXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.7.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Is connect without ssl certificates.

Where XXX.XXX.XXX.XXX is IP of server pc.

When connection is made by IP i don't need certificate ?!?

Any help ?

Options: ReplyQuote


Subject
Written By
Posted
SSL connection problem.
February 02, 2022 07:11AM
February 03, 2022 01:15AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.