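It would be great if someone could tell me what I'm doing wrong.
If not, I'll accept any other solution that achieves the goal.
I need to insert MySQL rows remotely, and I want it to be secure. I'm writing everything in JRuby. Thanks; here is what I've done so far.
I get:
ERROR 2026 (HY000): SSL connection error
when trying to access it remotely over SSL: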
mysql -h host -u ssl_test -p --ssl-ca=ca-cert.pem
I can connect remotely just fine to a user that doesn't require SSL (mysql -h host -u user -p).
I can also connect to that user locally with:
mysql -h host -u ssl_test -p --ssl-ca=ca-cert.pem
The ca-cert.pem is the same, and the privileges for ssl_test are:
+--------------+----------------+----------+
| Host | User | ssl_type |
+--------------+----------------+----------+
| % | ssl_test | ANY |
I generated the ca-cert and server-cert with:
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
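taken directly from http://dev.mysql.com/doc/mysql-security-excerpt/5.0/en/secure-create-certs.html
I also tried creating the client material for x509, but it returns the same error.
Best answer
Did you use the same common name for the server certificate and the client certificate? http://orensol.com/2010/06/21/error-2026-hy000-ssl-connection-error-the-solution/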
One thing to check is if your client certificate and server certificate have the same common name. You’ve probably gone through the certificate generation procedure, and (like I did) just entered the same common name for both without noticing.
This is a nasty error message that doesn’t tell you anything, and there’s nothing in the error log to imply what went wrong. So remember – when generating your own certificates for a mysql server, use different common names for client and server!
Regarding remote MySQL SSL, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/4362453/
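An added example, not part of the original question or answer: the question's openssl commands rerun with explicit -subj values, followed by a check that the CA, server and client Common Names are pairwise distinct and that both leaf certificates verify against the CA. Comparing against the CA's name goes beyond the answer; the MySQL manual states that requirement for servers built with OpenSSL. All CN values, file names and function names here are constructed for illustration.

```shell
#!/bin/sh
# Added example: certificate generation as in the question, but with -subj so
# every Common Name is explicit. CN values and file names are constructed.

# make_ca DIR CN: self-signed CA certificate and key
make_ca() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1000 -subj "/CN=$2" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null
}

# make_leaf DIR NAME CN SERIAL: key + request, then a certificate signed by the CA
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-req.pem" -days 1000 -CA "$1/ca-cert.pem" \
        -CAkey "$1/ca-key.pem" -set_serial "$4" -out "$1/$2-cert.pem" 2>/dev/null
}

# cn_of CERT: print the subject Common Name of a PEM certificate
cn_of() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= //p'
}

# check_mysql_certs DIR: return 0 only if the CA, server and client CNs are
# pairwise distinct and both leaf certificates verify against the CA
check_mysql_certs() {
    ca=$(cn_of "$1/ca-cert.pem")
    srv=$(cn_of "$1/server-cert.pem")
    cli=$(cn_of "$1/client-cert.pem")
    [ -n "$ca" ] && [ -n "$srv" ] && [ -n "$cli" ] || return 2
    if [ "$srv" = "$cli" ] || [ "$srv" = "$ca" ] || [ "$cli" = "$ca" ]; then
        echo "duplicate Common Name: ca='$ca' server='$srv' client='$cli'" >&2
        return 1
    fi
    openssl verify -CAfile "$1/ca-cert.pem" \
        "$1/server-cert.pem" "$1/client-cert.pem" >/dev/null 2>&1
}

# build_set DIR CA_CN SERVER_CN CLIENT_CN: generate a full set of files
build_set() {
    make_ca "$1" "$2" && make_leaf "$1" server "$3" 01 && make_leaf "$1" client "$4" 02
}

# Demo run in a scratch directory
dir=$(mktemp -d)
build_set "$dir" "Example-CA" "Example-Server" "Example-Client" &&
    check_mysql_certs "$dir" && echo "certificate set OK in $dir"
```

Running check_mysql_certs against the directory holding an existing ca-cert.pem, server-cert.pem and client-cert.pem reports a duplicated name before the files are deployed to the server and client.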