  1. MariaDB MaxScale
  2. MXS-1535

Maxscale Docs for SSL Configuration


Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.1.11
    • readwritesplit
    • None
    • CentOS 7.2

    Description

      Folks,

      I found two errors when configuring MaxScale with SSL for ReadWriteSplit. We need to add the client certificates to the defined listener and the same client certificates for each server's file you added dynamically to MaxScale 2.1.10:

      [root@maxscale maxscale.cnf.d]# cat rwsplit-listener.cnf
      [rwsplit-listener]
      type=listener
      protocol=MySQLClient
      service=rwsplit-service
      address=0.0.0.0
      port=4006
      authenticator=MySQLAuth
      #authenticator=MySQL
      ssl=required
      ssl_cert=/etc/my.cnf.d/certs/client-cert.pem
      ssl_key=/etc/my.cnf.d/certs/client-key.pem
      ssl_ca_cert=/etc/my.cnf.d/certs/ca-cert.pem
      ssl_version=TLSv12
      ssl_cert_verify_depth=9
      [root@maxscale maxscale.cnf.d]# cat prod_mariadb0*
      [prod_mariadb01]
      type=server
      protocol=MySQLBackend
      address=192.168.50.11
      port=3306
      authenticator=MySQLBackendAuth
      ssl=required
      ssl_cert=/etc/my.cnf.d/certs/client-cert.pem
      ssl_key=/etc/my.cnf.d/certs/client-key.pem
      ssl_ca_cert=/etc/my.cnf.d/certs/ca-cert.pem
      ssl_version=TLSv12
      ssl_cert_verify_depth=9
      [prod_mariadb02]
      type=server
      protocol=MySQLBackend
      address=192.168.50.12
      port=3306
      authenticator=MySQLBackendAuth
      ssl=required
      ssl_cert=/etc/my.cnf.d/certs/client-cert.pem
      ssl_key=/etc/my.cnf.d/certs/client-key.pem
      ssl_ca_cert=/etc/my.cnf.d/certs/ca-cert.pem
      ssl_version=TLSv12
      ssl_cert_verify_depth=9
      [prod_mariadb03]
      type=server
      protocol=MySQLBackend
      address=192.168.50.13
      port=3306
      authenticator=MySQLBackendAuth
      ssl=required
      ssl_cert=/etc/my.cnf.d/certs/client-cert.pem
      ssl_key=/etc/my.cnf.d/certs/client-key.pem
      ssl_ca_cert=/etc/my.cnf.d/certs/ca-cert.pem
      ssl_version=TLSv12
      ssl_cert_verify_depth=9
      

      The issues I found in the docs:

      Thanks, and I look forward to hearing from you.
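
An added example, not part of the original report and not MaxScale project code: a small Python check that flags listener and server sections lacking the TLS parameters the report lists (ssl_cert, ssl_key, ssl_ca_cert). The sample configuration is constructed, and treating a section without ssl=required as a finding is an assumed policy, using the 2.1-style syntax shown above.

```python
import configparser

# Parameters the report says each TLS-enabled listener and server section needs.
REQUIRED_TLS_KEYS = ("ssl_cert", "ssl_key", "ssl_ca_cert")

# Constructed sample: the listener is complete, prod_mariadb02 lacks its key
# and CA entries, and prod_mariadb03 has no TLS settings at all.
SAMPLE = """
[rwsplit-listener]
type=listener
port=4006
ssl=required
ssl_cert=/etc/my.cnf.d/certs/client-cert.pem
ssl_key=/etc/my.cnf.d/certs/client-key.pem
ssl_ca_cert=/etc/my.cnf.d/certs/ca-cert.pem

[prod_mariadb02]
type=server
address=192.168.50.12
port=3306
ssl=required
ssl_cert=/etc/my.cnf.d/certs/client-cert.pem

[prod_mariadb03]
type=server
address=192.168.50.13
port=3306
"""

def audit_tls(config_text):
    """Return {section: [problems]} for listener and server sections."""
    # strict=False tolerates repeated sections when several .cnf files are joined.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    findings = {}
    for name in parser.sections():
        section = parser[name]
        if section.get("type", "").strip().lower() not in ("listener", "server"):
            continue  # services, monitors and [maxscale] carry no ssl_* settings here
        if section.get("ssl", "").strip().lower() != "required":
            findings[name] = ["ssl=required is not set"]  # assumed policy: TLS everywhere
            continue
        missing = [k for k in REQUIRED_TLS_KEYS if not section.get(k, "").strip()]
        if missing:
            findings[name] = ["missing " + k for k in missing]
    return findings

if __name__ == "__main__":
    for section, problems in audit_tls(SAMPLE).items():
        print(section + ": " + ", ".join(problems))
```

Pass it the concatenated contents of maxscale.cnf and the files under maxscale.cnf.d; an empty result means every listener and server section carries all three parameters.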

          People

            markus makela
            wagnerbianchi Wagner Bianchi (Inactive)