01 February 2010

SSL and MySQL

When setting up SSL replication with MySQL using a self-signed certificate, be sure that:
  • the CA certificate is world-readable on the server, and
  • you copy the CA cert to the client and specify the path to the cert file with --ssl-ca=/path/to/cacert.pem.
If you do not, you may get the cryptic "ERROR 1045 (28000): Access denied for user 'user'@'host' (using password: YES)", rather than the more specific "ERROR 2026 (HY000): SSL connection error."
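
A preflight check for the first bullet above, as an added example that is not part of the original post. It verifies from the mode bits that the CA file is world-readable and that each parent directory is world-traversable, which covers the case where the file's own permissions look fine but a non-owner still cannot open it. The function names mode_of and check_ca_readable are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Only the CA *certificate* is
# public and safe to make world-readable; private keys should stay restricted.

# Print the 10-character mode string (e.g. -rw-r--r--), following symlinks.
mode_of() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

# check_ca_readable PATH
# Returns 0 if PATH is a world-readable regular file and every directory
# above it is world-traversable; otherwise prints the first problem, returns 1.
# A relative PATH is checked up to the current directory only.
check_ca_readable() {
    ca=$1
    case $ca in -*) ca=./$ca ;; esac   # keep ls/dirname from seeing an option
    if [ ! -f "$ca" ]; then
        echo "missing: $ca is not a regular file"
        return 1
    fi
    # Character 8 of the mode string is the "other" read bit.
    if [ "$(mode_of "$ca" | cut -c8)" != "r" ]; then
        echo "unreadable: $ca lacks o+r"
        return 1
    fi
    # Each parent directory needs the "other" execute bit (character 10;
    # 't' means sticky plus execute, as on /tmp).
    dir=$(dirname "$ca")
    while :; do
        case $(mode_of "$dir" | cut -c10) in
            x|t) ;;
            *) echo "blocked: $dir lacks o+x"; return 1 ;;
        esac
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    echo "ok: $ca"
}
```

Run it on the server against the CA path you pass to MySQL, for example check_ca_readable /etc/mysql/certs/ca-cert.pem.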

Starting a replication slave will look something like this:

change master to master_host='master.example.com', master_user='sslrepl', master_password='password', master_log_file='mysql-bin.000009', master_log_pos=12345, master_ssl=1, MASTER_SSL_CA='/etc/mysql/certs/ca-cert.pem';

