LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-17-2010, 07:15 AM   #1
ajayan
Member
 
Registered: Dec 2007
Posts: 89

Rep: Reputation: 16
Enabling SSL in MySQL Replication (have_ssl DISABLED)


Hi Guys,
I had tried to configure MySQL replication through SSL.As part of it i had modified my servers my.cnf with following contents under [mysqld] section,
ssl-ca=/etc/mysql/cert/ca-cert.pem
ssl-cert=/etc/mysql/cert/server-cert.pem
ssl-key=/etc/mysql/cert/server-key.pem

and i had restarted Mysql.

But still....
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |

and when i tried , mysqld --ssl --help
root@Server:/etc/mysql/certs# mysqld --ssl --help

100916 7:09:33 [Note] Plugin 'FEDERATED' is disabled.
mysqld Ver 5.1.41-3ubuntu12.6-log for debian-linux-gnu on i486 ((Ubuntu))
Copyright (C) 2000-2008 MySQL AB, by Monty and others
Copyright (C) 2008 Sun Microsystems, Inc.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license

Starts the MySQL database server

Usage: mysqld [OPTIONS]

For more help options (several pages), use mysqld --verbose --help


How can i enable SSL support in Mysql

Thanks,
Ajayan
 
Old 09-17-2010, 07:27 AM   #2
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100Reputation: 100
How did you generate CA, server and client cert?
 
Old 09-17-2010, 07:28 AM   #3
ajayan
Member
 
Registered: Dec 2007
Posts: 89

Original Poster
Rep: Reputation: 16
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
 
Old 09-17-2010, 08:09 AM   #4
ajayan
Member
 
Registered: Dec 2007
Posts: 89

Original Poster
Rep: Reputation: 16
When i set just "ssl' in my.cnf,have_openssl and have_ssl is enabled.But whenever i set path for keys in my.cnf,then its showing disabled..

Any suggestion

Ajayan

Last edited by ajayan; 09-17-2010 at 08:21 AM.
 
Old 09-17-2010, 11:17 AM   #5
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100Reputation: 100
Quote:
Originally Posted by ajayan View Post
Hi Guys,
I had tried to configure MySQL replication through SSL.As part of it i had modified my servers my.cnf with following contents under [mysqld] section,
ssl-ca=/etc/mysql/cert/ca-cert.pem
ssl-cert=/etc/mysql/cert/server-cert.pem
ssl-key=/etc/mysql/cert/server-key.pem

and i had restarted Mysql.

But still....
mysql> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | DISABLED |
| have_ssl | DISABLED |

and when i tried , mysqld --ssl --help
root@Server:/etc/mysql/certs# mysqld --ssl --help
Which location did you put your CA, server and client cert, /etc/mysql/cert or /etc/mysql/certs? Did you check the /var/log/mysqld.log?
 
Old 09-18-2010, 05:25 AM   #6
ajayan
Member
 
Registered: Dec 2007
Posts: 89

Original Poster
Rep: Reputation: 16
Thanks for your time,
At last problem resolved.I have to set mysql:mysql permission for the .pem certificates.


Thanks,
Ajayan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mysql replication failed after mysql reboot ajayan Linux - Newbie 8 09-08-2010 12:00 PM
LXer: How To Set Up MySQL Database Replication With SSL Encryption On CentOS 5.4 LXer Syndicated Linux News 0 02-18-2010 08:50 PM
LXer: How To Set Up MySQL Database Replication With SSL Encryption On Ubuntu 9.10 LXer Syndicated Linux News 0 02-09-2010 10:30 AM
Ldap replication using TLS/SSL jitender.rajpal Linux - Networking 0 10-18-2006 08:59 AM
Enabling Disabled Kernel Option SMurf7 Linux - Newbie 2 03-02-2006 02:58 PM


All times are GMT -5. The time now is 06:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration