MySQL Forums

SSL configuration fails with a warning
Posted by: avinash pawar
Date: December 16, 2019 01:42AM

Hi, I am trying to set up a MySQL server 8.0.16 on RHEL 7.5. The configuration I am willing to include for this server contains SSL-related options.

The MySQL server is initialized but with a warning related to SSL, which is as follows:

mysqld --defaults-file=/mysql_data/config/options.cnf --initialize --user=mysql &

[root@BFLBRESRV03 ~]# 100
100 200 300 400 500
100 200 300 400 500
100
2019-12-13T13:04:14.071486Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2019-12-13T13:04:14.071739Z 0 [System] [MY-013169] [Server] /mysql_binaries/mysql/mysql-server-8.0.16/bin/mysqld (mysqld 8.0.16-commercial) initializing of server in progress as process 962
2019-12-13T13:04:19.318987Z 0 [Warning] [MY-010069] [Server] Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed
2019-12-13T13:04:19.498482Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: geY0lgrNZd+u
2019-12-13T13:04:20.958898Z 0 [System] [MY-013170] [Server] /mysql_binaries/mysql/mysql-server-8.0.16/bin/mysqld (mysqld 8.0.16-commercial) initializing of server has completed

[1]+ Done mysqld --defaults-file=/mysql_data/config/options.cnf --initialize --user=mysql
[Warning] [MY-010069] [Server] Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed

The directory does not contain the ca.pem file but it does contain private_key.pem, and public_key.pem.

My options file contains the following SSL configuration:

[mysqld]
# SSL #
ssl-cipher = DHE-RSA-AES256-SHA
ssl_ca = /mysql_data/ssl-certs/ca.pem
ssl_cert = /mysql_data/ssl-certs/server-cert.pem
ssl_key = /mysql_data/ssl-certs/server-key.pem
require_secure_transport = ON
tls_version = TLSv1.2

If I initialize the server without ssl-ca, ssl-cert, ssl-key options, the server is successfully initialized without any warnings and the data directory contains the files ca-key.pem, client-cert.pem, public_key.pem, server-key.pem, ca.pem, client-key.pem, private_key.pem, server-cert.pem.

Kindly help me understand what mistake I am making. What is the warning about, and why was the ca.pem certificate file not created?

Can I create the SSL certificates in directories other than the data directory?

I know I can later create the certificates using openssl or mysql_ssl_rsa_setup.

https://serverfault.com/questions/839650/mysql-ssl-ssl-ctx-set-default-verify-paths-failed

My SELinux is in PERMISSIVE mode.

MySQL ssl setup failed

The directory for SSL certificates that I was using /mysql_data/ssl-certs is owned by mysql user and group.
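
An added example, not part of the original post and not MySQL's own tooling: when ssl_ca, ssl_cert or ssl_key are set explicitly, the server loads exactly those files instead of auto-generating certificates, so a preflight check of the configured paths before starting mysqld shows which file it will fail to load. The function name check_mysql_tls_files is hypothetical, and the demo options file and placeholder PEM files are constructed under a temporary directory.

```shell
#!/bin/sh
# Added example: check that the TLS files named in a MySQL options file exist,
# are readable and look like PEM. Exit status = number of problems found.
check_mysql_tls_files() {
    cnf=$1; problems=0
    # Take ssl_ca / ssl_cert / ssl_key from the [mysqld] section only. MySQL
    # accepts ssl-ca and ssl_ca alike, so dashes become underscores.
    opts=$(awk '
        /^[ \t]*\[/ { in_sect = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sect && /^[ \t]*ssl[-_](ca|cert|key)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print key "=" val
        }' "$cnf")
    while IFS='=' read -r key path; do
        [ -n "$key" ] || continue          # no TLS file options set at all
        if [ ! -e "$path" ]; then state=MISSING
        elif [ ! -r "$path" ]; then state=UNREADABLE   # for the invoking user
        elif ! grep -q -- '-----BEGIN ' "$path"; then state=NOT_PEM
        else state=OK
        fi
        [ "$state" = OK ] || problems=$((problems + 1))
        printf '%-10s %s = %s\n' "$state" "$key" "$path"
    done <<EOF
$opts
EOF
    return "$problems"
}

# Constructed demo: option layout modelled on the post, under a temp directory,
# with a server certificate and key present (placeholders) but no ca.pem.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(placeholder)' > "$demo_dir/server-cert.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(placeholder)' > "$demo_dir/server-key.pem"
cat > "$demo_dir/options.cnf" <<EOF
[mysqld]
ssl-cipher = DHE-RSA-AES256-SHA
ssl_ca = $demo_dir/ssl-certs/ca.pem
ssl_cert = $demo_dir/server-cert.pem
ssl-key = $demo_dir/server-key.pem
require_secure_transport = ON
EOF
check_mysql_tls_files "$demo_dir/options.cnf" || echo "problems found: $?"
rm -rf "$demo_dir"
```

Run the check as the account mysqld runs under (the post uses --user=mysql), since the readability test applies to whoever invokes it.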
