I am using openssl to generate ssl certificates that I am using to connect to mysql with SSL encryption. This works fine while I am connecting from the local host environement (even when I connect over the servers public IP, I have also connected successfully from the web server boxes). However, When I try to connect from my local dev machine I get an SSL errror.
When connecting from hosting platform
mysql -u metrics -p -h 45.33.x.x --ssl-key=client-key.pem --ssl-ca=ca.pem --ssl-cert=client-cert.pem Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 136 ...
When connecting from Mac dev machine, I used scp to copy the cert/key files to my dev machine
mysql -u metrics -h 45.33.x.x -p --ssl-key=client-key.pem --ssl-cert=client-cert.pem --ssl-ca=ca.pem Enter password: ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
Here is what I have done to try to solve this problem
- I have generated checksums of cert/key/ca on the server and local machine, they are identical
- I have looked at Can't connect to MySQL 5.5 with SSL server fault question neither idea solved the problem
- I have debugged SSL by starting the openSSL server (on the mysql server) and connecting from my local machine, once again no problems.
If it makes a difference the servers are all running ubuntu 14.04 with openSSL "OpenSSL 1.0.1f 6 Jan 2014" and I am connecting from osX 10.10.4 with openSSL "OpenSSL 1.0.2c 12 Jun 2015"
So any ideas?
Best Answer
This looks like a cipher related problem. Try adding the option on both server and client:
--ssl-cipher=AES128-SHA. You can use any other suite present both sides in the output ofopenssl ciphers HIGH.It's also possible that the MySQL client config file includes
ssl-verify-server-certoption, if so remove it or (safer) use a domain name from server's certificate CN.If it still fails you can: