MySQL SSL远程连接错误:无法获取私钥 [英] MySQL SSL Remote Connection Error: Unable to get Private Key
问题描述
我正在尝试编写一个PHP脚本(使用GoDaddy托管在VPS上),该脚本使用SSL连接到远程MySQL数据库(托管在Amazon EC2实例上).
I am attempting to write a PHP script (hosted on a VPS with GoDaddy) that connects to a remote MySQL database (hosted on an Amazon EC2 instance) using SSL.
我生成了一些证书(根据 http: //dev.mysql.com/doc/refman/5.0/en/creating-ssl-certs.html ),并在远程/服务器数据库上配置 my.cnf ,如下所示:
I generated some certs (as per http://dev.mysql.com/doc/refman/5.0/en/creating-ssl-certs.html) and configured my.cnf on the remote/server database like so:
[mysqld]
ssl-ca =/etc/mysql/ca-cert.pem
ssl-cert =/etc/mysql/server-cert.pem
ssl-key =/etc/mysql/server-key.pem
[client]
ssl-ca =/etc/mysql/ca-cert.pem
ssl-cert =/etc/mysql/client-cert.pem
ssl-key =/etc/mysql/client-key.pem
该配置在远程/服务器端工作(即,在远程数据库本地运行的php脚本能够使用生成的SSL证书建立连接).
The configuration is working on the remote/server side (that is, a php script running locally to the remote database is able to establish a connection using the generated SSL certs).
但是,虽然我可以在VPS上托管的PHP脚本与远程数据库之间建立不安全的连接,但是当我尝试在相同的两个系统之间建立SSL连接时却出现错误.
However, while I can make an unsecured connection between the PHP script hosted on the VPS and the remote database, I get an error when I try to establish an SSL connection between the same two systems.
如果我尝试使用以下命令通过命令行连接到远程数据库:
If I attempt to connect to the remote database via the command line using:
mysql -h hostIP --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem –u ssluser –p
我得到了错误:
ERROR 2026 (HY000): SSL connection error: Unable to get private key
当我尝试使用以下命令通过php脚本连接到服务器时,出现相同的错误:
I get the same error when I attempt to connect to the server via the php script using:
<?php
$link = mysqli_init();
$key = '/home/userName/etc/mysql/certs/client-key.pem' ;
$cert = '/home/userName/etc/mysql/certs/client-cert.pem';
$ca = '/home/userName/etc/mysql/certs/ca-cert.pem';
$capath = NULL;
$cipher = NULL;
mysqli_ssl_set ( $link , $key , $cert , $ca , $capath , $cipher );
mysqli_real_connect ($link, $host, $user, $pass, $schema, 3306, NULL, MYSQLI_CLIENT_SSL);
?>
导致错误:
(HY000/2026): SSL connection error: Unable to get private key
我已经尝试按照(forums.mysql.com/read.php?11,400856,401127)进行修复,但是进行此更改会导致分段错误".
I have already attempted a fix as per (forums.mysql.com/read.php?11,400856,401127), but making this change results in a "Segmentation fault".
我错过了一步吗?我在做什么错了?
Is there a step that I've missed? What am I doing wrong?
推荐答案
已解决:
使用
openssl rsa -in client-key.pem -out client-key2.pem
按照此网站上的说明进行操作.
as per the instructions at this website.
我改变了
$key = '/home/userName/etc/mysql/certs/client-key2.pem' ;
和
mysql -h hostIP --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key2.pem –u ssluser –p
但不是
[client]
ssl-key =/etc/mysql/client-key.pem
这篇关于MySQL SSL远程连接错误:无法获取私钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
