I'm using certbot to generate a certificate for a MariaDB server and client, but it's not working.
sudo certbot certonly -d mariadbserver -d mariadbuser
This is the command that I've used to generate certificates using certbot. I've got 4 files for both mariadbserver and mariadbuser: cert.pem, chain.pem, fullchain.pem, privkey.pem.
For the above 8 files I've created one certificates folder in /etc/my.cnf.d/certificates. First I copied the server files to this folder and renamed them for better understanding, and similarly did the same thing with the client files. My folder looks like:
client-cert.pem client-chain.pem client-fullchain.pem client-privkey.pem server-cert.pem server-chain.pem server-fullchain.pem server-privkey.pem
Then I executed
sudo chown -R mysql. /etc/my.cnf.d/certificates
I have added the snippets below to the server configuration, i.e. /etc/my.cnf:
[mariadb]
ssl-ca= /etc/my.cnf.d/certificates/server-chain.pem
ssl-cert= /etc/my.cnf.d/certificates/server-cert.pem
ssl-key= /etc/my.cnf.d/certificates/server-privkey.pem
[client-mariadb]
ssl-ca= /etc/my.cnf.d/certificates/client-chain.pem
ssl-cert= /etc/my.cnf.d/certificates/client-cert.pem
ssl-key= /etc/my.cnf.d/certificates/client-privkey.pem
Then I restarted the MariaDB server using sudo service mariadb restart. But after doing this, when I log in to MariaDB, the cipher is showing as not in use.
I tried to combine the certs with
cat server-cert.pem client-cert.pem > ca-cert.pem
and use it as
ssl-ca= /etc/my.cnf.d/certificates/ca-cert.pem
for both server and client CA. That's not working for me.
What should I do? Am I doing anything wrong in the above steps? Please help.
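
Added example (not part of the original post, and not MariaDB's or certbot's own tooling): a preflight check that reads a my.cnf-style file and, for every ssl-ca, ssl-cert and ssl-key option in every group, reports a missing or unreadable file, a file whose PEM block type does not match the option, and a private key that group or other can access. The function names are hypothetical, and the script assumes the options sit in the file itself, since !include and !includedir lines are not followed.

```python
import configparser
import os
import stat

# ssl-* options used in the post, and the PEM block each file should contain.
EXPECTED = {"ssl-ca": "CERTIFICATE", "ssl-cert": "CERTIFICATE", "ssl-key": "PRIVATE KEY"}


def pem_labels(path):
    """Labels of every '-----BEGIN <label>-----' line in the file."""
    with open(path, "r", errors="replace") as fh:
        lines = [ln.strip() for ln in fh]
    return [ln[11:-5] for ln in lines
            if ln.startswith("-----BEGIN ") and ln.endswith("-----")]


def check_tls_options(cnf_path):
    """Return (group, option, problem) tuples for the ssl-* file options."""
    cfg = configparser.ConfigParser(allow_no_value=True, strict=False,
                                    interpolation=None)
    # my.cnf accepts ssl_ca and ssl-ca alike; normalise to the dashed form.
    cfg.optionxform = lambda key: key.lower().replace("_", "-")
    cfg.read(cnf_path)  # assumption: !include / !includedir are not followed
    findings = []
    for group in cfg.sections():
        for option, want in EXPECTED.items():
            path = cfg.get(group, option, fallback=None)
            if not path:
                continue
            if not os.path.isfile(path):
                findings.append((group, option, "file not found"))
                continue
            try:
                labels = pem_labels(path)
            except OSError as exc:
                findings.append((group, option, f"unreadable: {exc.strerror}"))
                continue
            if not any(label.endswith(want) for label in labels):
                findings.append((group, option, f"no PEM {want} block, found {labels}"))
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if option == "ssl-key" and mode & 0o077:
                findings.append((group, option, f"key mode {mode:o} allows group/other access"))
    return findings


if __name__ == "__main__":
    for group, option, problem in check_tls_options("/etc/my.cnf"):
        print(f"[{group}] {option}: {problem}")
```

An empty result only means the files named in the configuration exist and hold the expected kind of PEM data; it does not show that a certificate matches its key or verifies against the configured CA file.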