Hello,
is there a known issue with certificates signed by intermediary CAs?
I spent a couple of hours trying to get MySQL5.0.32-7 running with SSL.
It failed all the time with "ERROR 2026 (HY000): SSL connection error", that is until I tried a test certificate signed directly by my root CA.
So far I cannot figure out any major difference between the certificates except the fact that one is just signed by an intermediary CA.
You can take a look at the DER version of the certificates at
http://pcw-hosting.de/ssl/root-ca.crt (root CA)
http://pcw-hosting.de/ssl/ca.crt (intermediary CA)
http://pcw-hosting.de/ssl/test.crt (the working one, signed by root CA)
http://pcw-hosting.de/ssl/test2.crt (the non-working one, signed by int. CA)
(the pem versions are on the same webspace, just change .crt to .pem)
Best Regards,
Paul Wehle
Test setup:
Certificates with RSA:2048bit
Debian 4.1 32bit
MySQL5.0.32-7 compiled --with-openssl --without-yassl
| have_openssl | YES |
| ssl_ca | /etc/mysql/subroot-ca.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/test2.pem |
| ssl_cipher | |
| ssl_key | /etc/mysql/test2-key.pem |