MySQL Forums
Forum List  »  Security

[SOLUTION] Re: Please help.... doesn't work SSL on MySQL
Posted by: Kenni Lund
Date: March 27, 2011 05:25PM

I had the *EXACT* same issue ("have_openssl" and "have_ssl" was "DISABLED" even with the correct absolute path, but removing ssl_cert in my.ini changed "DISABLED" to "YES") - but I have finally found a solution...the generated certificates are apparently incompatible. At least on a recent OpenSSL 1.0.0 and MySQL 5.5.10 on Windows 2008 64 bit.

DON'T generate the server certificates as described in the reference manual, instead use the following approach, which worked for me:

Create a file called serial.txt which contains the text "01" and save it in the directory for the certificates. Run the following commands in the same directory:

> openssl req -new -x509 -keyout "ca-key.pem" -out "ca-cert.pem"
(if you're asked to enter a PEM-password, enter a password which is at least 4 characters long).

> openssl req -new -keyout "server-key.pem" -out "server-req.pem" -days 3600
(if you're asked to enter a PEM-password, enter another password which is at least 4 characters long).

> openssl rsa -in "server-key.pem" -out "server-key.pem"
> openssl x509 -req -days 3600 -CA "ca-cert.pem" -CAkey "ca-key.pem" -CAserial "serial.txt" -in "server-req.pem" -out "server-cert.pem"

After restarting the MySQL service, SSL is now working :)

For a more in depth solution, read the comment posted by Rahul Gupta on October 23 2006 6:54pm on http://dev.mysql.com/doc/refman/5.5/en/secure-create-certs.html

Best regards
Kenni

Options: ReplyQuote


Subject
Views
Written By
Posted
[SOLUTION] Re: Please help.... doesn't work SSL on MySQL
2431
March 27, 2011 05:25PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.