I just spent a fair amount of time setting up MySQL replication between two servers encrypted by SSL (using MySQL 5.1.73).
I struggled with fixing a nasty error displayed only as ‘ERROR 2026 (HY000): SSL connection error’.
In the following, I have collected a few possible strategies for resolving this error:
- Is the password for the user on your server shorter than 36 characters?
- Do the *.pem files on the server and client have the right file permissions?
- Do your client and server certificates use a different COMMON NAME?
- Have you tried a basic SSL setup with only a certificate authority certificate (e.g. ca-cert.pem), a server certificate (e.g. server-cert.pem) and a server key (e.g. server-key.pem)? In theory, client certificates are not required for a basic setup.
- Have you tested your certificates with a simple openssl HTTP server?
- Is your private key in the PKCS#1 format (file starts with ‘-----BEGIN RSA PRIVATE KEY-----’)?
- Did you generate your certificates with TinyCA with the default settings?
- Did you try connecting to the server WITHOUT using the certificate authority certificate (e.g. ca-cert.pem) BUT WITH specifying a client certificate and key?
  mysql --ssl --ssl-cert=[client_cert] --ssl-key=[client_key] -u[ssluser] -h[server] -p[ssluser psw]
- Is your certificate ‘simple enough’ for the MySQL SSL implementation, e.g. not a chained certificate tree? Or did you use a wildcard certificate (which is not supported)?
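Three of the checks above (key format, file permissions, differing Common Names) can be run locally before touching the MySQL configuration. The script below is an added example, not part of the original post; the function names are hypothetical, the owner-only permission policy for the key is an assumption, and the Common Name comparison needs the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Checks three checklist items
# on local PEM files: key format, file permissions, differing Common Names.

# Classify a private key by its PEM header (the checklist asks for PKCS#1).
key_format() {
  case "$(grep -m1 -e '^-----BEGIN' "$1" 2>/dev/null | tr -d '\r')" in
    '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
    '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
    *)                                       echo unknown ;;
  esac
}

# Assumption: a key should be readable by the invoking user (run this as the
# account mysqld uses) and closed to group and other.
perm_state() {
  [ -r "$1" ] || { echo unreadable; return 0; }
  case "$(ls -ld "$1" | cut -c5-10)" in
    '------') echo private ;;
    *)        echo shared ;;
  esac
}

# Extract CN from an "openssl x509 -subject -nameopt RFC2253" line on stdin.
subject_cn() {
  sed -e 's/^subject=[[:space:]]*//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n1
}

cert_cn() { openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | subject_cn; }

# usage: check_files SERVER_CERT SERVER_KEY CLIENT_CERT; returns 1 on any finding
check_files() {
  local rc=0 fmt perms
  fmt=$(key_format "$2"); perms=$(perm_state "$2")
  [ "$fmt" = pkcs1 ]     || { echo "$2: key format is $fmt, not PKCS#1"; rc=1; }
  [ "$perms" = private ] || { echo "$2: key permissions are $perms"; rc=1; }
  [ -r "$1" ] && [ -r "$3" ] || { echo "certificate not readable"; rc=1; }
  [ "$(cert_cn "$1")" != "$(cert_cn "$3")" ] ||
    { echo "server and client certificates share a Common Name"; rc=1; }
  return "$rc"
}

if [ "$#" -eq 3 ]; then check_files "$@"; fi
```

Run it with the server certificate, server key and client certificate as arguments, in that order; it prints one line per finding and exits non-zero if there is any.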
Good luck 🙂