Comments - Securing Connections for Client and Server

3 years, 2 months ago Oli Sennhauser

It is worth mentioning that if you create the certificates as user root the MariaDB daemon CANNOT read the SSL certificates. You have to do a chown or chmod first:

SQL> SHOW GLOBAL VARIABLES LIKE '%ssl%'; +---------------------+------------------------------------------------------+

Variable_nameValue

+---------------------+------------------------------------------------------+

have_sslDISABLED
ssl_ca/home/mysql/database/mariadb-106/etc/ca.pem
ssl_cert/home/mysql/database/mariadb-106/etc/server-cert.pem
ssl_key/home/mysql/database/mariadb-106/etc/server-key.pem

+---------------------+------------------------------------------------------+

SSL error: Unable to get private key from '/home/mysql/database/mariadb-106/etc/server-key.pem' 2021-10-18 15:42:25 0 [Warning] Failed to setup SSL 2021-10-18 15:42:25 0 [Warning] SSL error: Unable to get private key

After this command:

chown mysql: /etc/my.cnf.d/certificates/server-*.pem

SSL works fine.

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.