Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20404

Validation of SSL server certificate failed

    XMLWordPrintable

Details

    Description

      Ich habe eine MariaDB Installation unter Debian Buster und komme mit der SSL VerschlĂĽsselung nicht weiter. Ich bin wie folgt vorgegangen:

      *sudo apt install software-properties-common dirmngr
      sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
      sudo add-apt-repository 'deb [arch=amd64] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.3/debian stretch main'
      sudo apt update
      sudo apt install mariadb-server-10.3 libmariadbclient18
      sudo apt update
      sudo apt upgrade*

      nano /etc/mysql/my.cnf
      bind-address = SERVER-IP

      sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
      _[mysqld]
      ssl
      ssl-ca=/etc/mysql/ca_ecdsa.crt.pem
      ssl-cert=/etc/mysql/server_ecdsa.crt.pem
      ssl-key=/etc/mysql/server_ecdsa.key.pem_

      sudo nano /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf
      _[mysql]
      ssl-ca=/etc/mysql/ca_ecdsa.crt.pem
      ssl-cert=/etc/mysql/client_ecdsa.crt.pem
      ssl-key=/etc/mysql/client_ecdsa.key.pem
      ssl-verify-server-cert=on_

      *sudo systemctl restart mysql
      mysql -u root -p*
      ERROR 2026 (HY000): SSL connection error: Validation of SSL server certificate failed

      Wenn ich in der 50-mysql-clients.cnf die Zertifikate herausnehme kann ich mich anmelden.

      sudo nano /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf
      _[mysql]
      #ssl-ca=/etc/mysql/ca_ecdsa.crt.pem
      #ssl-cert=/etc/mysql/client_ecdsa.crt.pem
      #ssl-key=/etc/mysql/client_ecdsa.key.pem
      ssl-verify-server-cert=on_

      *sudo systemctl restart mysql
      mysql -u root -p*
      /s
      SSL: Cipher in use is TLS_AES_256_GCM_SHA384
      SHOW VARIABLES LIKE '%ssl%';
      _have_openssl | YES
      have_ssl | YES
      version_ssl_library | OpenSSL 1.1.1c 28 May 2019 _

      Ich hoffe mir kann hierbei jemand weiterhelfen.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-23740 ssl connection fails when server and client certs signed by same CA

          • Major - Major loss of function.
          • Closed

          Activity

            People

              georg Georg Richter
              e.ms e.ms
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.