Re: SSL Connections

From: Stefano Elmopi (stefano.elmopisociale.it)
Date: Tue Mar 31 2009 - 05:05:28 CDT


Hi Andy,

I used the same user.
I list the steps that I made:

on the server MySQL (10.43.249.17) I created the user:

GRANT ALL PRIVILEGES ON *.* TO 'pippo'@'%' IDENTIFIED BY '*****';

then, on the same server:

mysql --ssl-ca=/root/openssl/cacert.pem -u pippo -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1872
Server version: 5.0.45 Source distribution

on another server:

mysql --ssl-ca=/root/openssl/cacert.pem -u pippo -h 10.43.249.17 -p
Enter password:
ERROR 2026 (HY000): SSL connection error

mysql --ssl-ca=/root/openssl/cacert.pem --ssl-cert=/root/openssl/client-cert.pem --ssl-key=/root/openssl/client-key.pem -u pippo -h 10.43.249.17 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1884
Server version: 5.0.45 Source distribution

I believe the client is being asked for a certificate,
but I wish that were not the case.

Thanks.

Ing. Stefano Elmopi
Gruppo Darco - Area ICT Sistemi
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel. 0657060500
email:stefano.elmopisociale.it

On 30 Mar 09, at 22:39, Andy Shellam wrote:

> Hi Stefano,
>
> I'm guessing your remote (non-local) server is using a different
> user account than your local server.
>
> root@localhost
> root@%
> root@somehost.com
>
> are all different users. If your remote host, or wildhost user
> account has the REQUIRE X509 flag (user must be certified) but your
> local one doesn't, that would explain it.
>
> What are your MySQL versions on both your server and remote client?
> What errors do you get on your client?
>
> Regards,
> Andy
>
> Stefano Elmopi wrote:
>>
>>
>> Hi,
>>
>> I'm trying to make SSL connections.
>> I followed the MySQL guide and I've configured the server,
>> then I created a normal user, without the REQUIRE SSL.
>> On the same server I can connect with only this option:
>>
>> mysql --ssl-ca=cacert.pem -u Pluto -p
>>
>> but if I try to connect from another host, I must, forcibly, also
>> specify the options:
>>
>> --ssl-cert=client-cert.pem
>> --ssl-key=client-key.pem
>>
>> Why?
>> The guide says that even from another host, for a normal user,
>> you can use only the option:
>>
>> --ssl-ca
>>
>> but that is not so; I am forced to certify the client.
>> Is something wrong?
>>
>> Thanks
>>
>>
>>
>> Ing. Stefano Elmopi
>> Gruppo Darco - Area ICT Sistemi
>> Via Ostiense 131/L Corpo B, 00154 Roma
>>
>> cell. 3466147165
>> tel. 0657060500
>> email:stefano.elmopisociale.it
>>
>>
>

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
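
The account check that Andy's reply points to, as an added example that is not part of the original thread: run as an administrative user on the server, these statements show which TLS requirement each candidate account row carries and whether the current session is actually encrypted. The account name 'pippo'@'%' comes from the message above; the syntax assumed is that of the MySQL 5.0 series named in the thread.

```sql
-- 1. List every account row that can match a login as "pippo".
--    The server picks the row with the most specific Host first, and an
--    anonymous row (User = '') can also match, so include those rows.
--    ssl_type: ''          -> no TLS requirement on the account
--              'ANY'       -> REQUIRE SSL  (encrypted session, no client cert)
--              'X509'      -> REQUIRE X509 (valid client certificate needed)
--              'SPECIFIED' -> REQUIRE ISSUER / SUBJECT / CIPHER
SELECT User, Host, ssl_type, ssl_cipher, x509_issuer, x509_subject
  FROM mysql.user
 WHERE User IN ('pippo', '')
 ORDER BY User, Host;

-- 2. The same information in GRANT form for the wildcard-host account.
SHOW GRANTS FOR 'pippo'@'%';

-- 3. Which account row did this session authenticate as?
--    USER() is what the client asked for, CURRENT_USER() is the row matched.
SELECT USER(), CURRENT_USER();

-- 4. Is this session encrypted at all? An empty Value means it is not,
--    even when --ssl-ca was given on the command line.
SHOW STATUS LIKE 'Ssl_cipher';

-- 5. Is TLS enabled on the server, and with which CA/cert/key files?
SHOW VARIABLES LIKE 'have_openssl';
SHOW VARIABLES LIKE 'ssl_%';

-- 6. To make the account's requirement explicit rather than implicit:
--    encrypted sessions only, without demanding a client certificate.
GRANT USAGE ON *.* TO 'pippo'@'%' REQUIRE SSL;
```

Running steps 3 and 4 in both the local session and the remote one shows whether the two logins matched the same account row and whether the local session negotiated a cipher.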