Config is in /etc/mysql/mysql.conf.d/mysqld.cnf default disabled: /etc/mysql/mysql.conf.d/mysqld.cnf:103:# ssl-ca=/etc/mysql/cacert.pem /etc/mysql/mysql.conf.d/mysqld.cnf:104:# ssl-cert=/etc/mysql/server-cert.pem /etc/mysql/mysql.conf.d/mysqld.cnf:105:# ssl-key=/etc/mysql/server-key.pem
I confirm that the permissions keys are created are root only: # ll /var/lib/mysql/server-key.pem -rw------- 1 root root 1675 May 10 07:29 /var/lib/mysql/server-key.pem Actually that is just the default of the tool as it comes from upstream And it has parameters for all you need: Adding --uid mysql would make it do what you want. If the defaults of the upstream tool should be changed that would IMHO be an upstream bug. Unfortunately the user set up to use is not part of the ./configure call so I'm not sure how it would know. wishlist from Ubuntu perspective, if you happen to file an upstream bug to change the default pelse mention it here so it can be tracked. ** Changed in: mysql-5.7 (Ubuntu) Status: New => Confirmed ** Changed in: mysql-5.7 (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828407 Title: mysql_ssl_rsa_setup generates server-key.pem inacessible by mysqld To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1828407/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs