SSL configuration issue
MariaDB SSL Configuration Issue
I tried to set up a self-signed SSL for my MariaDB server on Ubuntu 24.04, but the SSL remains disabled even though I set the path.
Here's what I have done so far:
1. Checked the permissions of the SSL certificate files:
evan@server:~$ ls -l /etc/mysql/ssl/ca-cert.pem -rw------- 1 mysql mysql 1245 Jun 5 00:57 /etc/mysql/ssl/ca-cert.pem evan@server:~$ ls -l /etc/mysql/ssl/server-cert.pem -rw------- 1 mysql mysql 1099 Jun 5 00:58 /etc/mysql/ssl/server-cert.pem evan@server:~$ ls -l /etc/mysql/ssl/server-key.pem -rw------- 1 mysql mysql 1704 Jun 5 00:58 /etc/mysql/ssl/server-key.pem
2. Verified the MariaDB server version:
Server version: 10.11.7-MariaDB-2ubuntu2 Ubuntu 24.04
3. Checked the SSL variables in MariaDB:
MariaDB [(none)]> SHOW VARIABLES LIKE '%ssl%'; +---------------------+----------------------------+ | Variable_name | Value | +---------------------+----------------------------+ | have_openssl | YES | | have_ssl | DISABLED | | ssl_ca | | | ssl_capath | | | ssl_cert | | | ssl_cipher | | | ssl_crl | | | ssl_crlpath | | | ssl_key | | | version_ssl_library | OpenSSL 3.0.13 30 Jan 2024 | +---------------------+----------------------------+
4. My configuration settings in /etc/mysql/my.cnf
:
ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/server-cert.pem ssl-key=/etc/mysql/ssl/server-key.pem require-secure-transport = off
Question
Why is the SSL staying disabled even though I have set the path to the certificate files? What steps do I need to follow to enable SSL for my MariaDB server?
Debugging Steps
Please provide any necessary debugging steps or configuration changes to resolve this issue.
Thank you!
Answer Answered by Daniel Black in this comment.
What does the MariaDB server log show on startup?
Comments
Comments loading...
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.