Re: SSL Connections

Tue, 31 Mar 2009 03:05:56 -0700 


Hi Andy,

I used the same user.
I list the steps that I made:

on the server MySQL (10.43.249.17) I created the user:

GRANT ALL PRIVILEGES ON *.* TO 'pippo'@'%' IDENTIFIED BY '*****';

then, on the same server:

mysql --ssl-ca=/root/openssl/cacert.pem -u pippo  -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1872
Server version: 5.0.45 Source distribution

on the another server :

mysql --ssl-ca=/root/openssl/cacert.pem -u pippo -h 10.43.249.17  -p
Enter password:
ERROR 2026 (HY000): SSL connection error
mysql --ssl-ca=/root/openssl/cacert.pem --ssl-cert=/root/openssl/ client-cert.pem --ssl-key=/root/openssl/client-key.pem -u pippo -h 10.43.249.17 -p 
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1884
Server version: 5.0.45 Source distribution

I believe that to be asked the certification to client
but I wish it was not the case.

Thanks.




Ing. Stefano Elmopi
Gruppo Darco - Area ICT Sistemi
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel.  0657060500
email:stefano.elm...@sociale.it

Il giorno 30/mar/09, alle ore 22:39, Andy Shellam ha scritto:


Hi Stefano,
I'm guessing your remote (non-local) server is using a different user account than your local server. 

r...@localhost
r...@%
r...@somehost.com
are all different users. If your remote host, or wildhost user account has the REQUIRE X509 flag (user must be certified) but your local one doesn't, that would explain it.
What are your MySQL versions on both your server and remote client? What errors do you get on your client? 

Regards,
Andy

Stefano Elmopi wrote:



Hi,

I'm trying to make connections ssl.
I followed the MySQL guide and I've configured the server
then I created a normal user, without the REQUIRE SSL.
On the same server can connect with the only option:

mysql --ssl-ca=cacert.pem -u Pluto -p
but if I try to connect from another host, I must, forcibly, also specify the options: 

--ssl-cert=client-cert.pem
--ssl-key=client-key.pem

Why ??
The guide says that even from another host, on a normal user,
you can use the only option:

--ssl-ca

but it is not, I am forced to certify the client.
Something wrong?

Thanks



Ing. Stefano Elmopi
Gruppo Darco - Area ICT Sistemi
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel.  0657060500
email:stefano.elm...@sociale.it







--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org

Reply via email to