MySQL SSL: SSL_CTX_set_default_verify_paths failed
- Use your valid system/service account for your database (mysql)
- Set the owner to this database service account (mysql)
- Check that the path is valid
- Check the OpenSSL certs
- Set correct and useful access rights (at least 0660, because the files are not executable)
- Check for SELinux or AppArmor settings! They can block the access!
The following should show file information and set the correct user and RW rights. Run as root, or add sudo to the beginning of every command:
```
# The headers are quoted so echo actually prints them (an unquoted # starts a shell comment)
echo "# show all ssl entries of my.cnf (should be 4 without #; also shows wrong config settings)"
grep ssl /etc/mysql/my.cnf
echo "# folder checkup (should list your PEM files)"
ls -al /etc/mysql-ssl/
echo "# set all PEM files to user mysql"
chown -R mysql:root /etc/mysql-ssl/*.pem
echo "# set all PEM files to read/write for the user only (or use 660)"
chmod -R 600 /etc/mysql-ssl/*.pem
echo "# restart MariaDB, wait 5 seconds and show SSL errors"
service mysql restart; sleep 5; service mysql status | grep SSL_CTX_set_default_verify_paths
```
I've created a separate group (ssl-certs) on my Ubuntu server, added mysql to that group and set all the rights (both folders - 0750 / files - 0640) accordingly.
If you want to make sure that mysql can access the files, you can su to mysql and check (as root).
```
su --shell=/bin/bash mysql
ls -la /path/cert/is/
```
Don't forget to check all paths: CA, cert, private key.
sl-ca = /etc/mysql-ssl/ca-cert.pem
should be
ssl-ca = /etc/mysql-ssl/ca-cert.pem
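The checks from the answers above (all three paths configured, files present and readable by the database account, no misspelled key such as `sl-ca`) combined into one script. This is an added example, not code from any of the posters; the function names `check_ssl_conf` and `make_demo`, the near-miss key heuristic and the sample files are assumptions for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: audit the ssl-ca / ssl-cert / ssl-key entries of a my.cnf.
# Run as the database account so the -r test reflects what the server can open.
check_ssl_conf() {
    local conf=$1 key value mode problems=0 seen=""
    while IFS='=' read -r key value || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in
            '#'*|'') continue ;;                 # comment or blank line
            ssl-ca|ssl-cert|ssl-key) ;;          # the three paths to verify
            *-ca|*-cert|*-key)                   # heuristic: near-miss such as sl-ca
                echo "TYPO? $key (expected ssl-${key##*-})"
                problems=$((problems + 1)); continue ;;
            *) continue ;;
        esac
        seen="$seen $key"
        if [ ! -f "$value" ]; then
            echo "MISSING $key $value"; problems=$((problems + 1)); continue
        fi
        if [ ! -r "$value" ]; then
            echo "UNREADABLE $key $value"; problems=$((problems + 1))
        fi
        mode=$(stat -c '%a' "$value")            # GNU stat, e.g. 600, 640, 660
        case $mode in
            *0) ;;                               # no access for "other"
            *) echo "WORLD-ACCESSIBLE $key $value mode=$mode"
               problems=$((problems + 1)) ;;
        esac
    done < "$conf"
    for key in ssl-ca ssl-cert ssl-key; do       # every path must be configured
        case " $seen " in
            *" $key "*) ;;
            *) echo "NOT-SET $key"; problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: misspelled ssl-ca, world-readable cert, missing key file.
make_demo() {
    local d; d=$(mktemp -d)
    : > "$d/ca-cert.pem";     chmod 640 "$d/ca-cert.pem"
    : > "$d/server-cert.pem"; chmod 644 "$d/server-cert.pem"
    printf '[mysqld]\nsl-ca = %s\nssl-cert = %s\nssl-key = %s\n' \
        "$d/ca-cert.pem" "$d/server-cert.pem" "$d/server-key.pem" > "$d/my.cnf"
    echo "$d"
}
demo=$(make_demo); check_ssl_conf "$demo/my.cnf" || true; rm -rf "$demo"
```

Against a real server, call `check_ssl_conf /etc/mysql/my.cnf` from a shell opened with `su --shell=/bin/bash mysql`; as root the readability test always passes.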