I am having some issues getting OpenSSL to work correctly. I was able to sign and set up the certificates but thats it. I cannot seem to do much else.
First of all if I try and update my grants tables I get this error. If I try and mysql_fix_privilege_tables I get an error that says: error: Found option without preceding group in config file: /etc/my.cnf at line: 1 Fatal error in defaults handling. Program aborted my my.cnf file looks as follows. ----------- cnf="" cnf="$cnf [client]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/client-cert.pem" cnf="$cnf ssl-key=$DIR/client-key.pem" cnf="$cnf [mysqld]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/server-cert.pem" cnf="$cnf ssl-key=$DIR/server-key.pem" echo $cnf | replace " " ' ' > $DIR/my.cnf ------------ So that’s not really working currently. I was able to manage to get the certs all signed and setup using MySQL official page. Here is the problem though. The MySQL site says to: --------from www.mysql.org----- To test SSL connections, start the server as follows, where $DIR is the pathname to the directory where the sample `my.cnf' option file is located: shell> mysqld --defaults-file=$DIR/my.cnf & Then invoke a client program using the same option file: shell> mysql --defaults-file=$DIR/my.cnf ------end from www.mysql.org---- If I try to do as it says, it will not let me run mysqld --defaults-file=$DIR/my.cnf & says I cannot do this from root which is fine because I would rather not anyways. so I modified it a bit and tried: mysqld_safe --defaults-file=$DIR/my.cnf & I then get the error WARNING: Defaults file '/my.cnf' not found! So even though my.cnf is in $DIR i path it out and run: mysqld_safe --defaults-file=/usr/local/openssl/my.cnf & This give me an error of: [EMAIL PROTECTED] openssl]# /usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/openssl/my.cnf error: Found option without preceding group in config file: /usr/local/openssl/my.cnf at line: 1 Fatal error in defaults handling. Program aborted error: Found option without preceding group in config file: /usr/local/openssl/my.cnf at line: 1 Fatal error in defaults handling. Program aborted My my.cnf file is as follows, also taken from www.mysql.org cnf="" cnf="$cnf [client]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/client-cert.pem" cnf="$cnf ssl-key=$DIR/client-key.pem" cnf="$cnf [mysqld]" cnf="$cnf ssl-ca=$DIR/cacert.pem" cnf="$cnf ssl-cert=$DIR/server-cert.pem" cnf="$cnf ssl-key=$DIR/server-key.pem" echo $cnf | replace " " ' ' > $DIR/my.cnf So, I am not sure what is up with that. Now just trying to log into the server, If I try to log in as root I am able to log into mysql server now using /usr/local/mysql/bin/mysql --defaults-file=$DIR/my.cnf -p it then asks for a Password and I am able to get in fine. Now root is just set normally requiring no ssl. I did creat a user called hal that I added REQUIRE SSL; to the privileges granting command. Now when I try to log in as hal the same way using: /usr/local/mysql/bin/mysql --defaults-file=$DIR/my.cnf -p I get: [EMAIL PROTECTED] sbin]$ /usr/local/mysql/bin/mysql --defaults-file=$DIR/my.cnf -p Enter password: ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) So I am not sure about that. Does this have to do with the fact that i was not able to run /usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/openssl/my.cnf ? What does that above command actually do? I know that mysqld_safe starts the server so I assume taht the "--defaults-file=/usr/local/openssl/my.cnf" Starts the sever so it looks to the my.cnf to auth. ssl users? Anyways any help you could give me would REALLY help. I wanted to give you as much information as possible...thanks... Conner -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
