Can't connect to mysql using self signed SSL certificate
- by carpii
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and SSL is enabled).
I ssh into my remote server, and try connecting to its own mysqld using SSL (mysql server is 5.5.25):
~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key --ssl-ca=ca.cert
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
Ok, I remember reading there's some problem with connecting to the same server via SSL.
So I download the client keys down to my local box, and test from there:
~> mysql -h <server> -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key --ssl-ca=ca.cert
Enter password:
ERROR 2026 (HY000): SSL connection error
It's unclear what this "SSL connection error" error refers to, but if I omit the --ssl-ca, then I am able to connect using SSL:
~> mysql -h <server> -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client.key
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.25 MySQL Community Server (GPL)
However, I believe that this is only encrypting the connection, and not actually verifying the validity of the cert (meaning I would be potentially vulnerable to a man-in-the-middle attack).
The SSL certs are valid (albeit self signed), and do not have a passphrase on them.
So my question is, what am I doing wrong?
How can I connect via SSL, using a self signed certificate?
MySQL Server version is 5.5.25 and the server and clients are CentOS 5.
Thanks for any advice
Edit: Note that in all cases, the command is being issued from the same directory where the ssl keys reside (hence no absolute path)