SSL Certificate failed with MySQL SSL
Troubleshooting SSL Certificate Verification Failures in MySQL
Overview: This article describes how to troubleshoot SSL certificate verification failures in MySQL, including certificate verification, SSL/TLS settings, and credential checks.
:~# mysql -u ezlogin_cxn -p -h 192.168.56.124 --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem
Enter password:
ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
1. If you get the above error, verify the generated certificates with the following command:
[root@gateway ~]# openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK
2. Make sure that the Common Name value used for the server and client certificates/keys differs from the Common Name value used for the CA certificate.
3. Check the state of the SSL/TLS variables by typing:
mysql> SHOW VARIABLES LIKE '%ssl%';
Output
+---------------+-----------------+
| Variable_name | Value           |
+---------------+-----------------+
| have_openssl  | YES             |
| have_ssl      | YES             |
| ssl_ca        | Ca.pem          |
| ssl_capath    |                 |
| ssl_cert      | server-cert.pem |
| ssl_cipher    |                 |
| ssl_crl       |                 |
| ssl_crlpath   |                 |
| ssl_key       | server-key.pem  |
+---------------+-----------------+
9 rows in set (0.01 sec)
4. Make sure that you have used your Ezeelogin database username, hostname, and password in the command below:
:~# mysql -u ezlogin_xxxx -p -h 10.11.1.11 --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/client-cert.pem --ssl-key=/etc/certs/client-key.pem
Replace ezlogin_xxxx with your Ezeelogin database username.
Ezeelogin database credentials such as db_name, db_username and db_password will be displayed on the installation screen (review settings), or you can refer to the article on retrieving Ezeelogin database credentials.
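The checks from steps 1 and 2 can be combined into one script that verifies each certificate against the CA and rejects a certificate whose Common Name equals the CA's. This is an added example, not part of the original article; the function names (cert_cn, check_cert, make_ca, make_leaf) are hypothetical, and the helpers that generate throwaway certificates exist only to produce constructed test input.

```shell
#!/bin/sh
# Added example: checks from steps 1 and 2. Function names are hypothetical.

# Print the subject Common Name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_cert CA CERT
# Returns 0 if CERT verifies against CA and its CN differs from the CA's CN,
# 1 if the CN is the same as the CA's, 2 if verification fails.
check_cert() {
    ca_cn=$(cert_cn "$1")
    leaf_cn=$(cert_cn "$2")
    if [ "$ca_cn" = "$leaf_cn" ]; then
        echo "$2: CN '$leaf_cn' is the same as the CA certificate's CN" >&2
        return 1
    fi
    # Match on the ": OK" line so the result does not depend on the exit code.
    if ! openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo "$2: does not verify against $1" >&2
        return 2
    fi
    echo "$2: OK (CN=$leaf_cn)"
}

# Constructed throwaway test material (1-day validity), not production settings.
# make_ca DIR CN: writes DIR/ca.pem and DIR/ca-key.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}
# make_leaf DIR NAME CN: writes DIR/NAME-cert.pem signed by DIR/ca.pem
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null
    openssl x509 -req -in "$1/$2-req.pem" -days 1 -CA "$1/ca.pem" \
        -CAkey "$1/ca-key.pem" -CAcreateserial -out "$1/$2-cert.pem" 2>/dev/null
}

# Usage: sh check-certs.sh ca.pem server-cert.pem client-cert.pem
if [ "$#" -ge 2 ]; then
    ca=$1; shift
    for c in "$@"; do check_cert "$ca" "$c"; done
fi
```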