I have a server with MySQL. I issued grant all on *.* to 'user'@'%' require ssl; and created ca, key and cert according to this guide. I'm not using client certs.
I copied ca.pem to a sandbox and connected to the database from this sandbox, using the command mysql -u user -p -h 192.168.120.78 --ssl-ca=ca.pem and it works like a charm. Without --ssl-ca=ca.pem it does not work, just as expected. Issuing SHOW STATUS LIKE 'SSL_CIPHER'; confirms that encryption is working.
But when I'm trying to connect with SQLYog using the same ca it does not work. I get the error message
Error No. 2026
SSL connection error: self signed certificate
I'm using SQLYog 12.4.2
Best Answer
After some googling, I found this:
https://forums.webyog.com/forums/search/SSL+self+signed/
The CA-cert and server-cert cannot have the same common name, because this is a vulnerability for man-in-the-middle attacks. Make sure that they differ. The CN for CA can be anything and the CN for server-certs should correspond to their IP or URL or similar.
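
A pre-deployment check for the rule in the answer above, as an added example that is not part of the original post: it builds throwaway CA/server pairs with openssl and rejects any pair whose CA and server certificate share a subject. The function names, the CA name "Example MySQL CA" and the temporary directory layout are assumptions; the IP address is the one from the question.

```shell
#!/bin/sh
# Added example. Keys, names and paths are constructed throwaway values.

# Print a certificate's subject in one fixed format so two can be compared.
subject_of() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1"
}

# Succeed only when the CA and server certificates have different subjects.
subjects_differ() {
    [ "$(subject_of "$1")" != "$(subject_of "$2")" ]
}

# Create a CA and a server certificate signed by it in directory $1.
make_pair() {
    dir=$1; ca_cn=$2; server_cn=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$ca_cn" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$server_cn" \
        -keyout "$dir/server-key.pem" -out "$dir/server-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/server-req.pem" -days 30 -set_serial 2 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
        -out "$dir/server-cert.pem" 2>/dev/null
}

# Check before installing on the server: subjects differ and the chain verifies.
check_pair() {
    dir=$1
    if ! subjects_differ "$dir/ca.pem" "$dir/server-cert.pem"; then
        echo "CA and server certificate share a subject"; return 1
    fi
    if ! openssl verify -CAfile "$dir/ca.pem" "$dir/server-cert.pem" >/dev/null 2>&1; then
        echo "server certificate does not verify against ca.pem"; return 2
    fi
    echo "ok"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/good" "$work/bad"
make_pair "$work/good" "Example MySQL CA" "192.168.120.78"   # distinct CNs
make_pair "$work/bad"  "192.168.120.78"   "192.168.120.78"   # same CN for both
echo "good pair: $(check_pair "$work/good")"
echo "bad pair:  $(check_pair "$work/bad")"
```

Running `check_pair` on the directory that holds the real `ca.pem` and `server-cert.pem` before restarting the server catches the shared-CN mistake without needing a client to connect.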