Issues when configuring MariaDB with SSL

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,012
647
263
Houston
cPanel Access Level
DataCenter Provider
But if you don't have mysql_keys, that's not going to be relevant for you. The note explains it:

Code:
Note:

In the following examples, /mysql_keys represents the key storage directory.
If you created the certificates in the directory, my assumption is that mysql may not be able to access it. Where did you create it?
 

DennisMidjord

Well-Known Member
Sep 27, 2016
227
27
28
Denmark
cPanel Access Level
Root Administrator
Hi again,

I know that the name of the directory doesn't matter, as soon as I just make it persistent.
I did just choose to make the directory /mysql_keys, create and place the files in that folder and then run
Code:
chown -Rf mysql. /mysql_keys
to make sure mysql could read the files.
I added the following to /etc/my.cnf:
Code:
[mysqld]
...
...
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/mysql_keys/ca-cert.pem
ssl-cert=/mysql_keys/server-cert.pem
ssl-key=/mysql_keys/server-key.pem

[client]
ssl-cert=/mysql_keys/client-cert.pem
ssl-key=/mysql_keys/client-key.pem
After restarting MySQL, it still doesn't seem to work.
 

cPanelLauren

Hi @DennisMidjord

I think I'm being unclear, and I apologize. The documentation doesn't note that the full path to mysql_keys needs to be called - it looks like you're just calling /mysql_keys in the my.cnf - what's the full path? That's what should be present in the my.cnf.

Thanks!
 

DennisMidjord

Hi @cPanelLauren
The full path to the keys is /mysql_keys:
Code:
[[email protected] ~]# ls -la /mysql_keys/
total 40
drwxr-xr-x   2 mysql mysql 4096 Oct 10 14:28 .
dr-xr-xr-x. 20 root  root  4096 Oct 10 14:12 ..
-rw-r--r--   1 mysql mysql 1419 Oct 10 14:27 ca-cert.pem
-rw-r--r--   1 mysql mysql 1675 Oct 10 14:27 ca-key.pem
-rw-r--r--   1 mysql mysql 1289 Oct 10 14:28 client-cert.pem
-rw-r--r--   1 mysql mysql 1679 Oct 10 14:29 client-key.pem
-rw-r--r--   1 mysql mysql 1094 Oct 10 14:28 client-req.pem
-rw-r--r--   1 mysql mysql 1289 Oct 10 14:28 server-cert.pem
-rw-r--r--   1 mysql mysql 1679 Oct 10 14:28 server-key.pem
-rw-r--r--   1 mysql mysql 1094 Oct 10 14:28 server-req.pem
I'm not using .htaccess to do anything - it's as soon as I do a mysql command from SSH that it fails.
 

cPanelLauren

Can you also run:

Code:
mysql --skip-ssl
show variables like '%ssl%';
and provide the output?

For your specific error as well, I wonder: are you running MySQL or MariaDB? There is an issue with MariaDB and SSL connections: MariaDB SSL connection issues

I haven't found anything as of yet for MySQL, though I am curious if 5.7 is also experiencing issues - the version of MySQL here would be important.
 

DennisMidjord

Hello,

Yes, that's correct. When entering the details for the client certificate, I just changed them up a bit from what I entered for the server certificate, and it worked immediately.
The core of the issue, you've used exactly the same information both for the client and the server certificate (same country, organization, locality, etc). And OpenSSL doesn't like that.
 
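Added example (not part of any post above, and not cPanel's or MariaDB's own tooling): a pre-flight check for the key directory that flags a server or client certificate whose subject repeats the CA's subject, and private keys that group or others can read, as the `-rw-r--r--` key files in the listing above are. The function names are hypothetical, the file names follow the thread's listing, and it is an assumption that the failing certificates shared the CA's subject.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key directory referenced in my.cnf.
# Function names are hypothetical; file names follow the listing in the thread.

# Print a certificate's subject DN on one line (RFC 2253 form).
cert_subject() (
    dn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || exit 2
    printf '%s\n' "${dn#subject=}"
)

# Succeed only if the leaf certificate's subject differs from the CA's.
# A leaf that repeats the CA subject has issuer == subject, so OpenSSL can
# take it for a self-signed certificate and fail verification against ssl-ca.
subject_differs_from_ca() (
    ca_dn=$(cert_subject "$1") || { echo "FAIL: cannot read $1"; exit 2; }
    leaf_dn=$(cert_subject "$2") || { echo "FAIL: cannot read $2"; exit 2; }
    [ "$ca_dn" != "$leaf_dn" ] && exit 0
    echo "FAIL: $2 repeats the CA subject ($ca_dn)"
    exit 1
)

# List private keys that group or others can read (e.g. mode 644).
# Prints nothing when every *-key.pem is restricted to its owner.
loose_keys() {
    find "$1" -type f -name '*-key.pem' \( -perm -040 -o -perm -004 \)
}

# Run both checks on a directory; exit status 0 means nothing was flagged.
audit_tls_dir() (
    dir=$1
    rc=0
    keys=$(loose_keys "$dir")
    if [ -n "$keys" ]; then
        echo "FAIL: private keys readable by group or others:"
        echo "$keys"
        rc=1
    fi
    for leaf in server-cert.pem client-cert.pem; do
        [ -f "$dir/$leaf" ] || continue
        subject_differs_from_ca "$dir/ca-cert.pem" "$dir/$leaf" || rc=1
    done
    exit "$rc"
)

# Stand-alone use: sh check.sh /mysql_keys
if [ "$#" -gt 0 ]; then audit_tls_dir "$1"; fi
```

The CA private key (`ca-key.pem`) is matched by the same permission check; it is only needed when signing certificates, not by the running server or client.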