MySQL Forums
Forum List  »  Security

Re: SSL don't work
Posted by: Georgi Kodinov
Date: February 19, 2014 08:15AM

The way you're calling s_server and s_client is a bit different from how you're using the certs/keys with mysql.

With the mysql server you have both a key (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem ), a CA (C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ) and a certificate file (C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem)

With the mysql client/heidiSQL you have SSL private key (client-key.pem), a CA (ca-cert.pem) and a client certificate (client-cert.pem).

And in your invocation of s_server you only have a cert and a key (and a CA dependent on your machine-wide ssl config).
And in s_client you have no key material.

You need to test with exactly the same key files to see the error :

s_client -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem ...

s_server -cert C:\Program Files\MySQL\MySQL Server 5.6\certs\server-cert.pem -key C:\Program Files\MySQL\MySQL Server 5.6\certs\server-key.pem and -CAcert C:\Program Files\MySQL\MySQL Server 5.6\certs\ca-cert.pem ...

Options: ReplyQuote


Subject
Views
Written By
Posted
4656
February 06, 2014 12:44PM
2138
February 07, 2014 08:23AM
2121
February 07, 2014 09:43AM
2014
February 07, 2014 10:07AM
2666
February 13, 2014 07:13AM
2064
February 13, 2014 07:47AM
2136
February 13, 2014 08:10AM
2105
February 13, 2014 08:33AM
2258
February 13, 2014 08:49AM
1979
February 13, 2014 09:08AM
2056
February 13, 2014 09:24AM
2017
February 14, 2014 02:16AM
2084
February 19, 2014 07:28AM
Re: SSL don't work
1795
February 19, 2014 08:15AM
2537
February 19, 2014 09:17AM
1822
February 19, 2014 09:32AM
3457
February 19, 2014 09:57AM
2066
February 19, 2014 10:00AM
2365
February 20, 2014 02:40AM
2029
February 20, 2014 02:57AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.