MySQL Forums
Forum List  »  Security

Re: SSL don't work
Posted by: Georgi Kodinov
Date: February 19, 2014 08:15AM

The way you're calling s_server and s_client is a bit different from how you're using the certs/keys with mysql.

With the mysql server you have both a key (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem ), a CA (C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ) and a certificate file (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem)

With the mysql client/heidiSQL you have SSL private key (client-key.pem), a CA (ca-cert.pem) and a client certificate (client-cert.pem).

And in your invocation of s_server you only have a cert and a key (and a CA dependent on your machine-wide ssl config).
And in s_client you have no key material.

You need to test with exactly the same key files to see the error :

s_client -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem ...

s_server -cert C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem -key C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem and -CAcert C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ...

Options: ReplyQuote


Subject
Views
Written By
Posted
4844
February 06, 2014 12:44PM
2184
February 07, 2014 08:23AM
2196
February 07, 2014 09:43AM
2067
February 07, 2014 10:07AM
2728
February 13, 2014 07:13AM
2131
February 13, 2014 07:47AM
2208
February 13, 2014 08:10AM
2151
February 13, 2014 08:33AM
2322
February 13, 2014 08:49AM
2061
February 13, 2014 09:08AM
2117
February 13, 2014 09:24AM
2084
February 14, 2014 02:16AM
2144
February 19, 2014 07:28AM
Re: SSL don't work
1853
February 19, 2014 08:15AM
2606
February 19, 2014 09:17AM
1889
February 19, 2014 09:32AM
3551
February 19, 2014 09:57AM
2122
February 19, 2014 10:00AM
2513
February 20, 2014 02:40AM
2093
February 20, 2014 02:57AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.