MySQL Forums
Forum List  »  Security

Re: SSL don't work
Posted by: Georgi Kodinov
Date: February 19, 2014 08:15AM

The way you're calling s_server and s_client is a bit different from how you're using the certs/keys with mysql.

With the mysql server you have both a key (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem ), a CA (C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ) and a certificate file (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem)

With the mysql client/heidiSQL you have SSL private key (client-key.pem), a CA (ca-cert.pem) and a client certificate (client-cert.pem).

And in your invocation of s_server you only have a cert and a key (and a CA dependent on your machine-wide ssl config).
And in s_client you have no key material.

You need to test with exactly the same key files to see the error :

s_client -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem ...

s_server -cert C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem -key C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem and -CAcert C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ...

Options: ReplyQuote


Subject
Views
Written By
Posted
4960
February 06, 2014 12:44PM
2217
February 07, 2014 08:23AM
2232
February 07, 2014 09:43AM
2105
February 07, 2014 10:07AM
2758
February 13, 2014 07:13AM
2198
February 13, 2014 07:47AM
2240
February 13, 2014 08:10AM
2202
February 13, 2014 08:33AM
2395
February 13, 2014 08:49AM
2092
February 13, 2014 09:08AM
2155
February 13, 2014 09:24AM
2116
February 14, 2014 02:16AM
2173
February 19, 2014 07:28AM
Re: SSL don't work
1909
February 19, 2014 08:15AM
2647
February 19, 2014 09:17AM
1918
February 19, 2014 09:32AM
3592
February 19, 2014 09:57AM
2181
February 19, 2014 10:00AM
2576
February 20, 2014 02:40AM
2127
February 20, 2014 02:57AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.