MySQL ERROR 2026 (HY000): SSL connection error

Question

I have enabled SSL on MySQL 5.1.52 on CentOS 6.0 using the following guide: http://www.madirish.net/node/244

I have followed the instructions correctly but I am running into the following error when I try to connect from the client server:

[root@mta mysql]# mysql -u ssluser -h 10.178.234.142 -p ssldb
Enter password:
ERROR 2026 (HY000): SSL connection error

I have been doing some research and have found that you need to use different Common Names. I realized that I had used the same ones the first time around so I went back and redid all the steps in the guide but I'm still getting the same error.

I have also tried using the following ways to login to the server to no avail:

[root@mta mysql]# mysql --ssl --ssl-ca=/etc/ssl/mysql/client.cert -u ssluser -h 10.178.234.142 -p ssldb
Enter password:
ERROR 2026 (HY000): SSL connection error

[root@mta mysql]# mysql --ssl --ssl-ca=/dev/null -u ssluser -h 10.178.234.142 -p ssldb
Enter password:
ERROR 2026 (HY000): SSL connection error

Any error messages on the server side? – Giovanni Toraldo Feb 06 '12 at 21:56 — Giovanni Toraldo, Feb 06 '12 at 21:56

score 2 · Accepted Answer · answered Feb 01 '12 at 22:03

It looks like you are specifying the client certificate instead of the CA certificate. I am assuming you have your certificates stored in /etc/ssl/mysql and you have created a CA certificate, and a client certificate and key. You need to specify --ssl-cert=/etc/ssl/mysql/client.cert --ssl-ca=/etc/ssl/mysql/CA.cert --ssl-key=/etc/ssl/mysql/client-key

I am also assuming you have specified the server key and certs in the my.cnf file in the [mysqld] section, and restarted the server. You can also specify the client key and certs in the my.cnf in the [client] section and not have to specify them on the command line.

Here is a good HOWTO for creating the keys and certs that works: http://www.chriscalender.com/?p=448

MySQL ERROR 2026 (HY000): SSL connection error

1 Answers1