When connecting to MariaDB 10.1.8, I selected the Use SSL check box at the top without providing any additional cert locations. This should allow for encryption using the system's trusted CAs.
I am getting 'SSL connection error: unknown error number'
Using MySQL Workbench 6.3.5 in a similar manner will allow you to connect.
Please advise.
Connecting to MariaDB 10.1 over SSL
MariaDB uses OpenSSL and lets it verify certificates. MySQL either uses YaSSL or OpenSSL and is sloppy about error checking. That's why your certificates used to work with MySQL and stopped working when you upgraded.
The core of the issue, you've used exactly the same information both for the client and the server certificate (same country, organization, locality, etc). And OpenSSL doesn't like that. Recreating certificates with different description should solve this problem.
Just for the reference, here's how you can verify whether your certificates are valid:
The core of the issue, you've used exactly the same information both for the client and the server certificate (same country, organization, locality, etc). And OpenSSL doesn't like that. Recreating certificates with different description should solve this problem.
Just for the reference, here's how you can verify whether your certificates are valid:
openssl verify -CAfile /etc/mysql/newcerts/ca-cert.pem /etc/mysql/newcerts/server-cert.pem /etc/mysql/newcerts/client-cert.pem
Thanks Emma. Ts it necessary to have a client cert?
I understand they can be used for authentication of the client, but what if I just need to verify that the server is who it says it is? Kind of like accessing a website over SSL.
Is two-way auth always needed?
I understand they can be used for authentication of the client, but what if I just need to verify that the server is who it says it is? Kind of like accessing a website over SSL.
Is two-way auth always needed?
Please login to leave a reply, or register at first.