MySQL Forums
Forum List  »  Security

Re: Enable SSL Connection
Posted by: Samson Lin
Date: September 19, 2019 01:33AM

(1) I used openssl command line tool to verify the server cert and key created.

# cd /etc/certs
# openssl req -noout -modulus -in server-req.pem | md5sum
10c6a624ccb2171582a94ababa5c2790 -
# openssl x509 -noout -modulus -in server-cert.pem | md5sum
10c6a624ccb2171582a94ababa5c2790 -
# openssl rsa -noout -modulus -in server-key.pem | md5sum
10c6a624ccb2171582a94ababa5c2790 -

They match with each other.

(2) Here below is my.cnf config:

[mysqld]
ssl-ca=/etc/certs/ca-cert.pem
ssl-cert=/etc/certs/server-cert.pem
ssl-key=/etc/certs/server-key.pem

(3) Here below is the directory and file permission:

# ll -d /etc
drwxr-xr-x. 149 root root 8192 Sep 19 15:23 /etc
# ll -d certs
drwxr-xr-x. 2 mysql mysql 177 Sep 18 17:40 certs
# ll -d /etc/certs
drwxr-xr-x. 2 mysql mysql 177 Sep 18 17:40 /etc/certs
# cd /etc/certs
# ll
total 32
-rw-r--r--. 1 mysql mysql 1196 Sep 18 17:34 ca-cert.pem
-rw-------. 1 mysql mysql 1704 Sep 18 17:33 ca-key.pem
-rw-r--r--. 1 mysql mysql 1103 Sep 18 17:40 client-cert.pem
-rw-r--r--. 1 mysql mysql 1704 Sep 18 17:39 client-key.pem
-rw-r--r--. 1 mysql mysql 976 Sep 18 17:39 client-req.pem
-rw-r-----. 1 mysql mysql 1082 Sep 18 17:37 server-cert.pem
-rw-r-----. 1 mysql mysql 1704 Sep 18 17:37 server-key.pem
-rw-r-----. 1 mysql mysql 956 Sep 18 17:35 server-req.pem

(4) Here below is the /var/log/mysqld.log after mysqld restart:

2019-09-19T07:24:22.544724Z 0 [Note] /usr/sbin/mysqld: Shutdown complete
2019-09-19T07:24:23.978982Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.27) starting as process 7246 ...
2019-09-19T07:24:23.984971Z 0 [Note] InnoDB: PUNCH HOLE support available
2019-09-19T07:24:23.985065Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2019-09-19T07:24:23.985074Z 0 [Note] InnoDB: Uses event mutexes
2019-09-19T07:24:23.985082Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2019-09-19T07:24:23.985088Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2019-09-19T07:24:23.985098Z 0 [Note] InnoDB: Using Linux native AIO
2019-09-19T07:24:23.985549Z 0 [Note] InnoDB: Number of pools: 1
2019-09-19T07:24:23.985665Z 0 [Note] InnoDB: Using CPU crc32 instructions
2019-09-19T07:24:23.987570Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2019-09-19T07:24:24.004181Z 0 [Note] InnoDB: Completed initialization of buffer pool
2019-09-19T07:24:24.007076Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2019-09-19T07:24:24.019168Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2019-09-19T07:24:24.044679Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2019-09-19T07:24:24.044869Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2019-09-19T07:24:24.126790Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2019-09-19T07:24:24.127758Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2019-09-19T07:24:24.127777Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2019-09-19T07:24:24.128207Z 0 [Note] InnoDB: Waiting for purge to start
2019-09-19T07:24:24.179602Z 0 [Note] InnoDB: 5.7.27 started; log sequence number 2626325
2019-09-19T07:24:24.180033Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2019-09-19T07:24:24.180287Z 0 [Note] Plugin 'FEDERATED' is disabled.
2019-09-19T07:24:24.181696Z 0 [Note] InnoDB: Buffer pool(s) load completed at 190919 15:24:24
2019-09-19T07:24:24.194406Z 0 [ERROR] SSL error: Unable to get private key from '/etc/certs/server-key.pem'
2019-09-19T07:24:24.194487Z 0 [Warning] Failed to set up SSL because of the following SSL library error: Unable to get private key
2019-09-19T07:24:24.195247Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2019-09-19T07:24:24.195324Z 0 [Note] IPv6 is available.
2019-09-19T07:24:24.195338Z 0 [Note] - '::' resolves to '::';
2019-09-19T07:24:24.195361Z 0 [Note] Server socket created on IP: '::'.
2019-09-19T07:24:24.211221Z 0 [Note] Event Scheduler: Loaded 0 events
2019-09-19T07:24:24.211525Z 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.7.27' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)

Is it bug?

Options: ReplyQuote


Subject
Views
Written By
Posted
1770
September 18, 2019 04:04AM
261
September 18, 2019 04:14AM
287
September 18, 2019 04:28AM
291
September 18, 2019 05:29AM
Re: Enable SSL Connection
301
September 19, 2019 01:33AM
437
September 19, 2019 02:14AM
328
September 19, 2019 02:21AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.