Troubleshooting MySQL SSL in Secondary Node

Troubleshooting and Verifying MySQL SSL in Secondary Node

While installing the slave with MySQL SSL, the installer may prompt "Do you want to use a secure MySQL connection?". When it does, check the following:

1. If you answer yes, you need to specify the path of the certificates used to connect to the master node. You can confirm that they work by manually connecting to the master node with SSL, using the command below.

root@slave:~# mysql -u ezlogin_database_username -p -h hostname_or_ip --ssl-ca=/var/lib/mysql/ca.pem --ssl-cert=/var/lib/mysql/client-cert.pem --ssl-key=/var/lib/mysql/client-key.pem

For example:

root@slave:~# mysql -u ezlogin_xxxx -p -h 10.11.1.11 --ssl-ca=/var/lib/mysql/ca.pem --ssl-cert=/var/lib/mysql/client-cert.pem --ssl-key=/var/lib/mysql/client-key.pem

Make sure that you can log in to MySQL on the slave as the root user, and also from the slave to the master with the Ezeelogin database username and password over SSL.

2. If you answer no, continue with the installation; afterwards, you can configure MySQL SSL with the following articles:

3. Connect to MySQL with the database name and SSL in each of the cases below to confirm that the master and slave are secure. MySQL SSL is working only if the connection succeeds in all of the cases.

i. From master to master itself with the below command.

[root@master ~]# mysql -u ezlogin_database_username -p -h master_ip --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem

ii. From master to slave with the below command.

[root@master ~]# mysql -u ezlogin_database_username -p -h slave_ip --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem

iii. From slave to slave itself with the below command.

[root@slave ~]# mysql -u ezlogin_database_username -p -h slave_ip --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem

iv. From slave to master with the below command.

[root@slave ~]# mysql -u ezlogin_database_username -p -h master_ip --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem
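A successful login in the four cases above does not by itself show that the session negotiated TLS, so the following added example (not part of the original article or of Ezeelogin) runs the same connection and checks the session's Ssl_cipher status value. The function names and the script's argument order are assumptions; the certificate paths are the ones used above.

```shell
#!/bin/sh
# Added example, not Ezeelogin code: confirm that each connection is actually
# encrypted, not only that the login succeeded.

CERT_DIR="${CERT_DIR:-/etc/certs}"   # certificate directory used in this article

# Interpret batch-mode output of SHOW SESSION STATUS LIKE 'Ssl_cipher'
# ("Ssl_cipher<TAB><cipher>"). An empty cipher means the session is plaintext.
ssl_verdict() {
    cipher=$(printf '%s\n' "$1" | awk -F'\t' '$1 == "Ssl_cipher" { print $2 }')
    if [ -n "$cipher" ]; then
        echo "ENCRYPTED $cipher"
    else
        echo "PLAINTEXT"
        return 1
    fi
}

# Connect to one host with the client certificate and report the verdict.
# -p prompts for the password, as in the commands above.
check_host() {
    chk_host="$1"; chk_user="$2"
    chk_out=$(mysql -u "$chk_user" -p -h "$chk_host" -N -B \
        --ssl-ca="$CERT_DIR/ca.pem" \
        --ssl-cert="$CERT_DIR/client-cert.pem" \
        --ssl-key="$CERT_DIR/client-key.pem" \
        -e "SHOW SESSION STATUS LIKE 'Ssl_cipher'") || {
        echo "$chk_host: CONNECT FAILED"; return 2; }
    chk_verdict=$(ssl_verdict "$chk_out"); chk_rc=$?
    echo "$chk_host: $chk_verdict"
    return "$chk_rc"
}

# Run on each node, e.g. (hypothetical script name):
#   ./check_ssl.sh ezlogin_database_username master_ip slave_ip
if [ "$#" -ge 2 ]; then
    db_user="$1"; shift
    rc=0
    for h in "$@"; do check_host "$h" "$db_user" || rc=1; done
    exit "$rc"
fi
```

Run it once on the master and once on the slave to cover all four cases; any line reporting PLAINTEXT or CONNECT FAILED means that case is not yet met.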

If all of the above cases work, add the lines below to the ez.conf file on both the master and slave nodes.

Edit the /usr/local/etc/ezlogin/ez.conf file and add the following:

system_folder /var/www/ezlogin/
force_https no
uri_path /ezlogin/
db_host 10.10.1.11
db_port 3306
db_name ezlogin_qzms
db_user ezlogin_edcjwz
db_pass dsH)$s5xAE[QgFms
db_prefix aqvo_
cookie_encryption_key ASvs8^pnu^^X9
cookie_name lcrrfs
cookie_path /ezlogin/
www_folder /var/www/html/ezlogin/
admin_user admin
mysql_encrypt yes
mysql_ssl_key /etc/certs/client-key.pem
mysql_ssl_cert /etc/certs/client-cert.pem
mysql_ssl_ca /etc/certs/ca.pem
mysql_ssl_capath /etc/certs/
mysql_ssl_verify no

After adding the above lines to ez.conf, the connection between the master and slave nodes will be secure.