MySQL Forums
Forum List  »  Security

Unable to SSL i
Posted by: Var able
Date: September 10, 2021 10:54PM

Hello,
I am trying to enable ssl with following parameters in mysql config file.

ssl-ca = /etc/certs/ca.pem
ssl-cert = /etc/certs/server-cert.pem
ssl-key = /etc/certs/server-key.pem


After making above entries I had restarted mysql services but when I checked ssl status it is still disabled.

mysql> SHOW GLOBAL VARIABLES LIKE '%ssl%';
+-------------------------------------+-----------------------------+
| Variable_name | Value |
+-------------------------------------+-----------------------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | /etc/certs/ca.pem |
| ssl_capath | |
| ssl_cert | /etc/certs//server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | /etc/certs//server-key.pem |
+-------------------------------------+-----------------------------+

I even verified the permissions to mysql certs and looks fine

sudo -u mysql ls -lrt /etc/certs/server-cert.pem
-rwxr----- 1 mysql mysql 2358 Sep 11 03:17 /etc/certs/server-cert.pem

sudo -u mysql ls -lrt /etc/certs/server-key.pem
-rwxr----- 1 mysql mysql 3243 Sep 10 07:55 /etc/certs/server-key.pem

sudo -u mysql ls -lrt /etc/certs/ca.pem
-rwxr----- 1 mysql mysql 1911 Sep 11 03:22 /etc/certs/ca.pem


Am I missing anything in the steps followed , MySQL version is 8.0.25 Community.

Regards,
Var

Options: ReplyQuote


Subject
Views
Written By
Posted
Unable to SSL i
872
September 10, 2021 10:54PM
452
September 11, 2021 04:27AM
992
September 11, 2021 07:24PM
809
September 13, 2021 01:50AM
535
September 14, 2021 10:30PM
457
September 15, 2021 01:23AM


Sorry, you can't reply to this topic. It has been closed.
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.