我正在尝试在WHM服务器上为mysql设置SSL。我一直在关注official cPanel documentation,但是遇到了问题。我已经创建了所有证书和密钥,将所有者设置为mysql,并将指定的行添加到my.cnf文件中,但是在重新启动mysql并运行以下命令后,它将出现此错误:
root@euk-92874 [~]# mysql -e "show variables like '%ssl%';"
ERROR 2026 (HY000): SSL connection error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
这是my.cnf文件(我尝试过在路径之间加上或不带有'引号):
# This group is read both both by the client and the server
# use it for options that affect everything
#
#[client-server]
#
# include all files from the config directory
#
#!includedir /etc/my.cnf.d
[mysqld]
default-storage-engine=MyISAM
open_files_limit=10000
local-infile=0
datadir=/var/lib/mysql
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
#symbolic-links=0
max_user_connections=200
max_connections=500
interactive_timeout=300
wait_timeout=200
join_buffer_size = 128M
connect_timeout=300
#group_concat_max_len=2;
max-allowed-packet = 32M
max-connect-errors = 1000000
### INNODB
#innodb_buffer_pool_size=1000M
innodb_flush_log_at_trx_commit=1
innodb_file_per_table=1
## You may want to tune the below depending on number of cores and disk sub
innodb_write_io_threads=4
#innodb_io_capacity=20000
#innodb_io_capacity_max=40000
innodb_doublewrite=1
innodb_log_file_size=512M
innodb_log_files_in_group=2
innodb_buffer_pool_instances=2
innodb_thread_concurrency=16
## avoid statistics update when doing e.g show tables
innodb_stats_on_metadata=0
innodb_file_format=barracuda
innodb_flush_method = O_DIRECT
#REPLICATION SPECIFIC _ GENERAL
#server_id must be unique across all mysql servers participating in replication.
#OTHER THINGS, BUFFERS ETC
key_buffer_size = 256M
sort_buffer_size = 512K
read_buffer_size = 4M
read_rnd_buffer_size = 12M
myisam_sort_buffer_size = 64M
skip_name_resolve
table_cache = 750M
query_cache_limit = 30M
query_cache_size = 48M
tmp_table_size = 512M
max_heap_table_size = 256M
memlock=0
sysdate_is_now=1
max_connections=2000
thread_cache_size=256M
query_cache_type = 2
table_open_cache=1024
lower_case_table_names=0
thread_concurrency = 4
max_allowed_packet=268435456
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca='/mysql_keys/ca-cert.pem'
ssl-cert='/mysql_keys/server-cert.pem'
ssl-key='/mysql_keys/server-key.pem'
[mysqldump]
quick
max_allowed_packet = 512M
[mysql]
no-auto-rehash
[client]
ssl
ssl-cert='/mysql_keys/client-cert.pem'
ssl-key='/mysql_keys/client-key.pem'
[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[mysqld_safe]
#log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
证书和密钥在文件夹中:
root@euk-92265 [~]# ls -la /mysql_keys
total 40
drwxr-xr-x 2 mysql mysql 4096 May 11 09:00 ./
drwxr-xr-x. 23 root root 4096 May 11 09:35 ../
-rw-r--r-- 1 mysql mysql 1472 May 11 08:54 ca-cert.pem
-rw-r--r-- 1 mysql mysql 1679 May 11 08:53 ca-key.pem
-rw-r--r-- 1 mysql mysql 1346 May 11 08:57 client-cert.pem
-rw-r--r-- 1 mysql mysql 1675 May 11 08:57 client-key.pem
-rw-r--r-- 1 mysql mysql 1123 May 11 08:57 client-req.pem
-rw-r--r-- 1 mysql mysql 1346 May 11 08:56 server-cert.pem
-rw-r--r-- 1 mysql mysql 1675 May 11 08:56 server-key.pem
-rw-r--r-- 1 mysql mysql 1155 May 11 08:56 server-req.pem
我也会提供日志,但是我不确定在哪里可以找到它。有人有什么想法吗?
最终是因为两个证书使用的都是完全相同的详细信息,并且彼此冲突。