On 25.11.2012 00:30, Jackie Zhang wrote:
> Hello everyone,
>
> I want to set up SSL for mysql server. I followed the manual on
> http://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html
>
> I first generated the certificates and key files by strictly following the
> following link,
> http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
> with everything verified:
>
> shell> openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
> server-cert.pem: OK
> client-cert.pem: OK
>
>
> But, when I start my server using
> bin/mysqld --ssl-ca=./newcerts/ca-cert.pem \
>     --ssl-cert=./newcerts/server-cert.pem \
>     --ssl-key=./newcerts/server-key.pem
>
> The server started with the following error message:
> 121124 14:41:27 [Warning] Failed to setup SSL
> 121124 14:41:27 [Warning] SSL error: Failed to set ciphers to use
>
> Did I miss something? I tried to add
> --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA and --ssl, but it didn't help.
>
> Please give me some clue...

I used the script below to generate ca.crt, client.pem, server.pem.
This setup has worked for years for replication as well as PHP scripts.

[root@buildserver:~]$ cat /buildserver/ssl-cert/mysql/generate.sh
#!/bin/bash
DIR="/buildserver/ssl-cert/mysql"

# start from an empty output directory and a fresh CA database
rm -rf "$DIR/cert/"
rm -rf "$DIR/db/"
mkdir "$DIR/cert/"
mkdir "$DIR/db/"
touch "$DIR/db/index.txt"
echo "01" > "$DIR/db/serial"
rm -f "$DIR/ca.key"
rm -f "$DIR/cert/ca.crt"

# self-signed CA certificate
openssl req -new -x509 -days 3650 -keyout "$DIR/ca.key" -out "$DIR/cert/ca.crt" -config "$DIR/openssl.cnf"

# server: key + CSR, write the key back without a passphrase, sign with the CA
openssl req -new -keyout "$DIR/cert/server.key" -out "$DIR/cert/server.csr" -days 3650 -config "$DIR/openssl.cnf"
openssl rsa -in "$DIR/cert/server.key" -out "$DIR/cert/server.key"
openssl ca -policy policy_anything -out "$DIR/cert/server.crt" -days 3650 -config "$DIR/openssl.cnf" -infiles "$DIR/cert/server.csr"

# client: same steps
openssl req -new -keyout "$DIR/cert/client.key" -out "$DIR/cert/client.csr" -days 3650 -config "$DIR/openssl.cnf"
openssl rsa -in "$DIR/cert/client.key" -out "$DIR/cert/client.key"
openssl ca -policy policy_anything -out "$DIR/cert/client.crt" -days 3650 -config "$DIR/openssl.cnf" -infiles "$DIR/cert/client.csr"

# remove the CSRs and the CA's numbered certificate copies
rm -f "$DIR/cert/server.csr"
rm -f "$DIR/cert/client.csr"
rm -f "$DIR/cert/01.pem"
rm -f "$DIR/cert/02.pem"

# combine certificate and key into one .pem per side
cat "$DIR/cert/server.crt" "$DIR/cert/server.key" > "$DIR/cert/server.pem"
rm -f "$DIR/cert/server.crt"
rm -f "$DIR/cert/server.key"
cat "$DIR/cert/client.crt" "$DIR/cert/client.key" > "$DIR/cert/client.pem"
rm -f "$DIR/cert/client.crt"
rm -f "$DIR/cert/client.key"

# install; mode 644 leaves the private keys inside server.pem and client.pem
# readable by every local user
chmod 644 "$DIR"/cert/*
rm -f /etc/mysql-ssl/*
cp "$DIR"/cert/* /etc/mysql-ssl/
chmod 755 /etc/mysql-ssl/
chmod 644 /etc/mysql-ssl/*
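
A pre-flight check for the combined server.pem and client.pem files that the script above writes, as an added example that is not part of the original message: it confirms that a file holds exactly one certificate and one private key, that the `openssl rsa` step left the key without a passphrase, and reports whether the file is world-readable. The function names and the sample bundle are constructed for illustration.

```bash
#!/bin/bash
# Labels of all PEM blocks in file $1, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# "encrypted" if the key still has a passphrase, else "plain". PKCS#8 uses the
# label ENCRYPTED PRIVATE KEY; the traditional format adds a Proc-Type header.
pem_key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# "yes" if the "other" read permission bit is set on the file.
pem_world_readable() {
    if [ -n "$(find "$1" -perm -004)" ]; then echo yes; else echo no; fi
}

# Succeeds only for exactly one certificate plus one passphrase-free key.
check_pem_bundle() {
    local f=$1 certs keys
    certs=$(pem_labels "$f" | grep -c '^CERTIFICATE$' || true)
    keys=$(pem_labels "$f" | grep -c 'PRIVATE KEY$' || true)
    [ "$certs" -eq 1 ] || { echo "$f: $certs certificates, expected 1"; return 1; }
    [ "$keys" -eq 1 ] || { echo "$f: $keys private keys, expected 1"; return 1; }
    [ "$(pem_key_state "$f")" = plain ] || { echo "$f: key is encrypted"; return 1; }
    echo "$f: ok, world-readable: $(pem_world_readable "$f")"
}

# Constructed sample with the layout of `cat server.crt server.key`; the
# base64 bodies are placeholders, not real key material.
make_sample_bundle() {
    cat > "$1" <<'EOF'
Certificate: (text dump that "openssl ca" writes before the PEM block)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
EOF
}

tmp=$(mktemp -d) && make_sample_bundle "$tmp/server.pem" && check_pem_bundle "$tmp/server.pem"
```

The check reads only the PEM framing lines; whether the certificate chains to ca.crt is still a job for `openssl verify -CAfile`, as in the quoted message.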