I am having some issues getting OpenSSL to work correctly.
I was able to sign and set up the certificates but thats it. I cannot
seem to do much else.
First of all if I try and update my grants tables I get this error.
If I try and mysql_fix_privilege_tables I get an error that says:
error: Found option without preceding group in config file: /etc/my.cnf at
line: 1
Fatal error in defaults handling. Program aborted
my my.cnf file looks as follows.
---
cnf=
cnf=$cnf [client]
cnf=$cnf ssl-ca=$DIR/cacert.pem
cnf=$cnf ssl-cert=$DIR/client-cert.pem
cnf=$cnf ssl-key=$DIR/client-key.pem
cnf=$cnf [mysqld]
cnf=$cnf ssl-ca=$DIR/cacert.pem
cnf=$cnf ssl-cert=$DIR/server-cert.pem
cnf=$cnf ssl-key=$DIR/server-key.pem
echo $cnf | replace '
' $DIR/my.cnf
So thatÂ’s not really working currently. I was able to manage to get the
certs all signed and setup using MySQL official page. Here is the problem
though.
The MySQL site says to:
from www.mysql.org-
To test SSL connections, start the server as follows, where $DIR is the
pathname to the directory where the sample `my.cnf' option file is
located:
shell mysqld --defaults-file=$DIR/my.cnf
Then invoke a client program using the same option file:
shell mysql --defaults-file=$DIR/my.cnf
--end from www.mysql.org
If I try to do as it says, it will not let me run
mysqld --defaults-file=$DIR/my.cnf
says I cannot do this from root which is fine because I would rather not
anyways. so I modified it a bit and tried:
mysqld_safe --defaults-file=$DIR/my.cnf
I then get the error
WARNING: Defaults file '/my.cnf' not found!
So even though my.cnf is in $DIR i path it out and run:
mysqld_safe --defaults-file=/usr/local/openssl/my.cnf
This give me an error of:
[EMAIL PROTECTED] openssl]# /usr/local/mysql/bin/mysqld_safe
--defaults-file=/usr/local/openssl/my.cnf
error: Found option without preceding group in config file:
/usr/local/openssl/my.cnf at line: 1
Fatal error in defaults handling. Program aborted
error: Found option without preceding group in config file:
/usr/local/openssl/my.cnf at line: 1
Fatal error in defaults handling. Program aborted
My my.cnf file is as follows, also taken from www.mysql.org
cnf=
cnf=$cnf [client]
cnf=$cnf ssl-ca=$DIR/cacert.pem
cnf=$cnf ssl-cert=$DIR/client-cert.pem
cnf=$cnf ssl-key=$DIR/client-key.pem
cnf=$cnf [mysqld]
cnf=$cnf ssl-ca=$DIR/cacert.pem
cnf=$cnf ssl-cert=$DIR/server-cert.pem
cnf=$cnf ssl-key=$DIR/server-key.pem
echo $cnf | replace '
' $DIR/my.cnf
So, I am not sure what is up with that. Now just trying to log into the
server,
If I try to log in as root
I am able to log into mysql server now using
/usr/local/mysql/bin/mysql --defaults-file=$DIR/my.cnf -p
it then asks for a Password and I am able to get in fine.
Now root is just set normally requiring no ssl.
I did creat a user called hal that I added REQUIRE SSL; to the privileges
granting command. Now when I try to log in as hal the same way using:
/usr/local/mysql/bin/mysql --defaults-file=$DIR/my.cnf -p
I get:
[EMAIL PROTECTED] sbin]$ /usr/local/mysql/bin/mysql
--defaults-file=$DIR/my.cnf -p
Enter password:
ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: YES)
So I am not sure about that. Does this have to do with the fact that i
was not able to run
/usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/openssl/my.cnf
?
What does that above command actually do? I know that mysqld_safe starts
the server so I assume taht the
--defaults-file=/usr/local/openssl/my.cnf
Starts the sever so it looks to the my.cnf to auth. ssl users? Anyways
any help you could give me would REALLY help. I wanted to give you as
much information as possible...thanks...
Conner
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]