We've got a client application that connects to our online MySQL database (5.1.44-community-log) thru a ODBC connector (the server is a managed* dedicated webserver). This works very nice. However I can't get it to work using SSL. This is what I've done so far:

我们有一个客户端应用程序连接到我们的在线MySQL数据库(5.1.4 -community-log)，通过ODBC连接器(服务器是一个托管的专用webserver)。这是很好。但是，我不能让它使用SSL。这就是我迄今为止所做的:

1. MySQL server

1。MySQL服务器

I've got the server manager* set up MySQL with SSL, this is 'proven by':

我有服务器管理器*用SSL设置MySQL，这是“经过验证的”:

mysql> SHOW VARIABLES LIKE '%ssl%';

which results is this response:

其结果是:

+---------------+---------------------------------+
| Variable_name | Value                           |
+---------------+---------------------------------+
| have_openssl  | YES                             |
| have_ssl      | YES                             |
| ssl_ca        | /***/mysql-cert/ca-cert.pem     |
| ssl_capath    |                                 |
| ssl_cert      | /***/mysql-cert/server-cert.pem |
| ssl_cipher    |                                 |
| ssl_key       | /***/mysql-cert/server-key.pem  |
+---------------+---------------------------------+

Question: is the server configured right? I'm guessing it is...

问:服务器配置正确吗?我猜它是……

2. Certificates

2。证书

I've purchased real certificates (via my server manager). These are in the directory shown above. I've also downloaded the client-cert.pem, client-key.pem and ca-cert.pem from that directory.

我已经购买了真正的证书(通过我的服务器管理员)。这些在上面显示的目录中。我还下载了客户证书。pem,client-key。pem和ca-cert。pem的目录。

3. MySQL user with REQUIRE [SSL|X509]

3所示。有需要的MySQL用户[SSL|X509]

I've created a new user and then granted it access from any location (for testing) with SSL:

我创建了一个新用户，然后允许它通过SSL访问任何位置(用于测试):

GRANT USAGE ON *.* TO 'somevaliduser'@'%' IDENTIFIED BY PASSWORD 'somevalidpass' REQUIRE X509 

4. ODBC Client

4所示。ODBC客户端

I've (just downloaded and) installed : mysql-connector-odbc-5.1.8-winx64.msi (64-bit) as my machine is a 64-bit Windows 7 machine (so that's not what's wrong).

我已经安装了:mysql-connector-odbc-5.1.8-winx64。因为我的机器是64位的Windows 7机器(所以这不是错误的)。

And I've created a User DSN configuring it like this (no options set on tabs), which shows it connecting to the server (however not using - nor requesting to do so - SSL) successfully (using some valid user which doesn't requires SSL):

我已经创建了一个用户DSN，这样配置它(选项卡上没有设置选项)，它显示它连接到服务器(但是没有使用- SSL)成功(使用一些不需要SSL的有效用户):

So the connection is able to establish, now try using SSL.

因此，连接可以建立，现在尝试使用SSL。

This is configured like this, which is like I've read about on MySQL.com. So I'm not 100% sure the options set are right.

这是这样配置的，就像我在MySQL.com上看到的。所以我不能百分之百地确定这些选项是正确的。

As you can see it results in a error HY000. Turning on tracing (within the ODBC configuration) also shows this error.

正如您所看到的，它导致了一个错误HY000。打开跟踪(在ODBC配置中)也显示了这个错误。

Can anyone give me a hint on how to make this work? Even if you know about just a part of the solution?

谁能给我一个关于如何做这项工作的提示?即使你知道解决方案的一部分?

2 个解决方案

mysql -u root -p --ssl-ca=/etc/mysql/ca-cert.pem --ssl-cert=/etc/mysql/client-cert.pem --ssl-key=/etc/mysql/client-key.pem  --protocol=tcp

#1

#2

mysql -u root -p --ssl-ca=/etc/mysql/ca-cert.pem --ssl-cert=/etc/mysql/client-cert.pem --ssl-key=/etc/mysql/client-key.pem  --protocol=tcp