MySQL Forums
Forum List  »  Security

Unable to SSL i
Posted by: Var able
Date: September 10, 2021 10:54PM

Hello,
I am trying to enable ssl with following parameters in mysql config file.

ssl-ca = /etc/certs/ca.pem
ssl-cert = /etc/certs/server-cert.pem
ssl-key = /etc/certs/server-key.pem


After making above entries I had restarted mysql services but when I checked ssl status it is still disabled.

mysql> SHOW GLOBAL VARIABLES LIKE '%ssl%';
+-------------------------------------+-----------------------------+
| Variable_name | Value |
+-------------------------------------+-----------------------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | /etc/certs/ca.pem |
| ssl_capath | |
| ssl_cert | /etc/certs//server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | /etc/certs//server-key.pem |
+-------------------------------------+-----------------------------+

I even verified the permissions to mysql certs and looks fine

sudo -u mysql ls -lrt /etc/certs/server-cert.pem
-rwxr----- 1 mysql mysql 2358 Sep 11 03:17 /etc/certs/server-cert.pem

sudo -u mysql ls -lrt /etc/certs/server-key.pem
-rwxr----- 1 mysql mysql 3243 Sep 10 07:55 /etc/certs/server-key.pem

sudo -u mysql ls -lrt /etc/certs/ca.pem
-rwxr----- 1 mysql mysql 1911 Sep 11 03:22 /etc/certs/ca.pem


Am I missing anything in the steps followed , MySQL version is 8.0.25 Community.

Regards,
Var

Options: ReplyQuote


Subject
Views
Written By
Posted
Unable to SSL i
262
September 10, 2021 10:54PM
112
September 11, 2021 04:27AM
135
September 11, 2021 07:24PM
138
September 13, 2021 01:50AM
113
September 14, 2021 10:30PM
120
September 15, 2021 01:23AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.