Differences

This shows you the differences between two versions of the page.

--- mysql:troubleshoot_mysql_ssl_replication_problems [2016/11/21 10:28] – peter
+++ mysql:troubleshoot_mysql_ssl_replication_problems [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 20: / Line 20: @@
 Some MySQL selections don't support the PKCS#8 format.
+<code>
 -----BEGIN PRIVATE KEY-----
-This occurs when keys are generated with OpenSSL 1.0+. To fix this issue you simply convert the key to PKCS#1 format:
+</code>
+This occurs when keys are generated with OpenSSL 1.0+.  To fix this issue simply convert the key to PKCS#1 format:
+<code bash>
 openssl rsa -in pkcs8-key.pem -out pkcs1-key.pem
+</code>
 You should now see:
+<code>
 -----BEGIN RSA PRIVATE KEY-----
-Keep in mind you can’t just simply insert “RSA” into the PKCS#8 format. It won’t work! They’re different formats altogether. You can verify the certs/keys:
+</code>
+Keep in mind you can't just simply insert “RSA” into the PKCS#8 format.  It won’t work!  They’re different formats altogether.  You can verify the certs/keys:
+<code bash>
 openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
-Additional troubleshooting tips:
+</code>
-Make sure both servers have SSL enabled. Make sure the master_ssl_ca has the entire CA chain or it won’t work!
+===== Additional troubleshooting tips =====
+Make sure both servers have SSL enabled.  Make sure the master_ssl_ca has the entire CA chain or it won't work!
+<file bash /etc/my.cnf>
-# /etc/my.cnf
 ssl-ca                 = /etc/mysql-ssl/chain-cert.pem
 ssl-cert               = /etc/mysql-ssl/STAR_example_net.pem
 ssl-key                = /etc/mysql-ssl/wildcard-cert.pem
+</file>
+<code mysql>
 mysql> show variables like "%ssl%";
 +---------------+-------------------------------------------------------+
@@ Line 67: / Line 61: @@
 | have_openssl  | YES                                                   |
 | have_ssl      | YES                                                   |
-| ssl_ca        | /etc/mysql-ssl/COMODO-chained.pem |
+| ssl_ca        | /etc/mysql-ssl/COMODO-chained.pem                     |
 | ssl_capath    |                                                       |
-| ssl_cert      | /etc/mysql-ssl/STAR_example_net.pem                  |
+| ssl_cert      | /etc/mysql-ssl/STAR_example_net.pem                   |
 | ssl_cipher    |                                                       |
 | ssl_crl       |                                                       |
 | ssl_crlpath   |                                                       |
-| ssl_key       | /etc/mysql-ssl/wildcard-cert.pem                  |
+| ssl_key       | /etc/mysql-ssl/wildcard-cert.pem                      |
 +---------------+-------------------------------------------------------+
+</code>
 If you run into this error: “Slave failed to initialize relay log info structure from the repository” you just need to run “RESET SLAVE;”
 Make sure your firewalls have Port 3306 (or whatever port you’re using) open.
 Make sure secure_auth is on:
+<code mysql>
 show variables like "secure_auth";
 +---------------+-------+
@@ Line 91: / Line 84: @@
 | secure_auth   | ON    |
 +---------------+-------+
+</code>
 Make sure you’re granting the correct permissions:
+<code mysql>
 GRANT REPLICATION SLAVE ON *.* TO slave_user@slave.example.net IDENTIFIED BY 'SecretPassw0rd' REQIURE SSL;
+</code>
 You should have master_ssl set to 1:
+<code mysql>
+change master to
- change master to
 	master_host='master.example.com',
 	master_user='slave=user',
@@ Line 117: / Line 105: @@
 	master_ssl_cert='/etc/mysql-ssl/STAR_example_net.pem',
 	master_ssl_key='/etc/mysql-ssl/wildcard-cert.pem'
+</code>