Issues when configuring MariaDB with SSL

Discussion in 'Database Discussion' started by DennisMidjord, Oct 10, 2018.

  1. DennisMidjord

    DennisMidjord Well-Known Member

    Joined:
    Sep 27, 2016
    Messages:
    210
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @DennisMidjord


    That error typically indicates that you've used the wrong certificate when adding the certificate. What did you add?


    Thanks!
     
  3. DennisMidjord

    DennisMidjord Well-Known Member

    I just followed the guide strictly - even called the directory /mysql_keys.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    But if you don't have mysql_keys, that's not going to be relevant for you. The note explains it:

    Code:
    Note:
    
    In the following examples, /mysql_keys represents the key storage directory.

    If you created the certificates in the directory, my assumption is that mysql may not be able to access it. Where did you create it?
     
  5. DennisMidjord

    DennisMidjord Well-Known Member

    Hi again,

    I know that the name of the directory doesn't matter, as soon as I just make it persistent.
    I did just choose to make the directory /mysql_keys, create and place the files in that folder and then run
    Code:
    chown -Rf mysql. /mysql_keys
    to make sure mysql could read the files.
    I added the following to /etc/my.cnf:
    Code:
    [mysqld]
    ...
    ...
    ssl-cipher=DHE-RSA-AES256-SHA
    ssl-ca=/mysql_keys/ca-cert.pem
    ssl-cert=/mysql_keys/server-cert.pem
    ssl-key=/mysql_keys/server-key.pem
    
    [client]
    ssl-cert=/mysql_keys/client-cert.pem
    ssl-key=/mysql_keys/client-key.pem
    
    After restarting MySQL, it still doesn't seem to work.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @DennisMidjord

    I think I'm being unclear and I apologize. The documentation doesn't note that the full path to mysql_keys needs to be called - it looks like you're just calling /mysql_keys in the my.cnf - what's the full path? That's what should be present in the my.cnf.

    Thanks!
     
    #6 cPanelLauren, Oct 11, 2018
    Last edited: Oct 11, 2018
  7. DennisMidjord

    DennisMidjord Well-Known Member

    Hi @cPanelLauren
    The full path to the keys is /mysql_keys:
    Code:
    [root@server11 ~]# ls -la /mysql_keys/
    total 40
    drwxr-xr-x   2 mysql mysql 4096 Oct 10 14:28 .
    dr-xr-xr-x. 20 root  root  4096 Oct 10 14:12 ..
    -rw-r--r--   1 mysql mysql 1419 Oct 10 14:27 ca-cert.pem
    -rw-r--r--   1 mysql mysql 1675 Oct 10 14:27 ca-key.pem
    -rw-r--r--   1 mysql mysql 1289 Oct 10 14:28 client-cert.pem
    -rw-r--r--   1 mysql mysql 1679 Oct 10 14:29 client-key.pem
    -rw-r--r--   1 mysql mysql 1094 Oct 10 14:28 client-req.pem
    -rw-r--r--   1 mysql mysql 1289 Oct 10 14:28 server-cert.pem
    -rw-r--r--   1 mysql mysql 1679 Oct 10 14:28 server-key.pem
    -rw-r--r--   1 mysql mysql 1094 Oct 10 14:28 server-req.pem
    
    I'm not using .htaccess to do anything - it's as soon as I do a mysql command from SSH that it fails.
     
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @DennisMidjord


    This isn't the full path to /mysql_keys; this is the contents of mysql_keys. To get the full path you can run

    Code:
    pwd
    from the mysql_keys directory.

    I'm sorry, I misspoke. You need to put the full path in the my.cnf, not just /mysql_keys.
     
  9. DennisMidjord

    DennisMidjord Well-Known Member

    Hi,

    It really is the full path. Note the preceding slash ;-)
    [root@server11 mysql_keys]# pwd
    /mysql_keys

    The directory was created at the root of the disk, so the keys are actually in /mysql_keys/.
     
  10. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @DennisMidjord

    The output here
    Code:
    [root@server11 ~]# ls -la /mysql_keys/
    seems to insinuate you're in /root (root's homedir) not / so my assumption is you created /root/mysql_keys not /mysql_keys
     
  11. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Can you also run:

    Code:
    mysql --skip-ssl
    show variables like '%ssl%';
    and provide the output?

    For your specific error as well, I wonder: are you running MySQL or MariaDB? There is an issue with MariaDB and SSL connections: "MariaDB SSL connection issues".

    I haven't found anything as of yet for MySQL, though I am curious if 5.7 is also experiencing issues - the version of MySQL here would be important.
     
  12. DennisMidjord

    DennisMidjord Well-Known Member

    Hello @cPanelLauren
    Thanks for that link! I managed to get it working by not using the same information for the two certificates.
     
  13. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @DennisMidjord

    Interesting! Can you tell me what you did? I wonder if that KB article needs to be updated now.


    Thanks!
     
  14. DennisMidjord

    DennisMidjord Well-Known Member

    Hi,

    Using different information for the certificates was what fixed it for me.
     
  15. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @DennisMidjord

    Meaning when you created the certificates you just created them with different details? This would make them inherently different from each other, which I find interesting.
     
  16. DennisMidjord

    DennisMidjord Well-Known Member

    Hello,

    Yes, that's correct. When entering the details for the client certificate, I just changed them up a bit from what I entered for the server certificate, and it worked immediately.
     
    cPanelLauren likes this.
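
The fix reported in this thread was giving the client certificate different details from the server certificate. As an added example (not from the thread or from cPanel's documentation), the script below checks a key directory laid out like /mysql_keys before my.cnf points at it: the CA, server and client subjects must all differ, and both certificates must verify against the CA. Flagging a certificate that shares the CA's subject goes beyond the case in the thread; the function names and sample subjects are constructed.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a MariaDB/MySQL TLS certificate set.
# File names follow the thread; function names and subjects are constructed.

# make_set DIR SERVER_SUBJ CLIENT_SUBJ: throwaway CA plus server and client
# certificates signed by it (1-day validity, only for exercising the check).
make_set() {
    local d=$1 role subj
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Example CA" \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null || return 1
    for role in server client; do
        if [ "$role" = server ]; then subj=$2; else subj=$3; fi
        openssl req -newkey rsa:2048 -nodes -subj "$subj" \
            -keyout "$d/$role-key.pem" -out "$d/$role-req.pem" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$role-req.pem" -days 1 -CA "$d/ca-cert.pem" \
            -CAkey "$d/ca-key.pem" -CAcreateserial \
            -out "$d/$role-cert.pem" 2>/dev/null || return 1
    done
}

# subject_of FILE: print the certificate's subject DN in one canonical form.
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }

# check_set DIR: return 0 only if the CA, server and client subjects are
# pairwise distinct and both certificates verify against the CA; 2 if unreadable.
check_set() {
    local d=$1 ca srv cli rc=0
    ca=$(subject_of "$d/ca-cert.pem") || return 2
    srv=$(subject_of "$d/server-cert.pem") || return 2
    cli=$(subject_of "$d/client-cert.pem") || return 2
    [ "$srv" != "$ca" ]  || { echo "server subject equals CA subject"; rc=1; }
    [ "$cli" != "$ca" ]  || { echo "client subject equals CA subject"; rc=1; }
    [ "$cli" != "$srv" ] || { echo "client subject equals server subject"; rc=1; }
    openssl verify -CAfile "$d/ca-cert.pem" \
        "$d/server-cert.pem" "$d/client-cert.pem" >/dev/null 2>&1 \
        || { echo "chain verification failed"; rc=1; }
    return $rc
}

# Demo on constructed data: identical details for server and client are flagged.
tmp=$(mktemp -d) && make_set "$tmp" "/O=Example/CN=db" "/O=Example/CN=db"
check_set "$tmp" || echo "regenerate the certificates with distinct details"
rm -rf "$tmp"
```

Against a real directory, only `check_set /mysql_keys` is needed; `make_set` exists to produce test input.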