获取Mysql2 ::错误（SSL连接错误：ASN：糟糕的其他签字确认）在Heroku应用程序使用AWS RDS [英] Getting Mysql2::Error (SSL connection error: ASN: bad other signature confirmation) on Heroku App with AWS RDS

问题描述

Mysql2 ::错误（SSL连接错误：ASN：糟糕的其他签字确认）：

我想提出一个管理网站。环境是Rails的4.2和Ruby 2.2，连接AWS RDS与Heroku的服务器。 我不知道为什么收到此错误。这突然出现。我找不到比这以外的任何错误。虽然我通过我的codeS前两天，我得到这个错误这个时候。（我还没有接触过这个code，而两天。） 你拿出任何想法来解决这个问题？

I am making an administration site. The environment is Rails 4.2 and Ruby 2.2, connecting AWS RDS with Heroku server. I don't know why getting this error. It suddenly appeared. I can't find any errors other than this. Although I passed my codes two days ago, I got this error this time.(I haven't touched this code while the two days.) Do you come up with any ideas to solve this problem?

谢谢！

推荐答案

对于我来说，这不得不做的RDS SSL证书旋转发生在2015年4月3日。

For me, this had to do with the RDS SSL Certificate Rotation that happened on April 3rd, 2015.

不过，在我的情况下，只使用根证书没有工作，我不得不使用一个中间证书为我地区也是如此。联系方式：

However, in my case, just using the root certificate did not work, and I had to use a intermediate certificate for my region as well. Details:

1. 进入到AWS RDS控制台，然后重新启动RDS实例。

2. 下载新的根证书<一href="https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem">https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem.把它放进你的应用程序的config目录下。

1. Go into the AWS rds console and reboot your RDS instance.

2. Download the new root certificate https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem. Put it into the config directory of your app.

下载的中间证书为你的数据库区域 这里。我不得不使用美国东一个，但你必须挑选适合您的区域。

Download the intermediate certificate for your database region here. I had to use the US east one, but you will have to pick the one for your region.

这是关键的一步。需要在中间证书和根证书组合到一个文件中，以便将中间证书是根证书以上，形成了证书链。打开使用文本编辑器的中间证书，复制它的内容，并把它们粘贴到配置/ RDS-CA-2015-root.pem，在上面，上面的​​根cetrtificate。所以，你在完成后，配置/ RDS-CA-2015-root.pem应该是中间证书和根证书，都在这个文件中。

This is the key step. You need to combine the intermediate certificate and the root certificate into one file so that the intermediate certificate is above the root certificate, forming a certificate chain. Open the intermediate certificate using a text editor, copy its contents, and paste them into config/rds-ca-2015-root.pem, on top, above the root cetrtificate. So, after you are done, config/rds-ca-2015-root.pem should be the intermediate certificate followed by the root certificate, all in this file.

获取当前的数据库的URL Heroku的配置 然后找了DATABASE_URL财产

Get your current database url heroku config and then look for the DATABASE_URL property

更​​新为使用新的证书文件数据库的URL。所有你应该改变的是证书的名称（因为它现在叫 RDS-CA-2015-root.pem）
Heroku的配置：添加DATABASE_URL =mysql2：// DB_NAME：DB_PASSWORD @ DB_URL / DB_NAME sslca =配置/ RDS-CA-2015-root.pem

Update your database URL to use the new certificate file. All you should have to change is the name of the certificate (since its now called rds-ca-2015-root.pem)
heroku config:add DATABASE_URL="mysql2://DB_NAME:DB_PASSWORD@DB_URL/DB_NAME?sslca=config/rds-ca-2015-root.pem"

提交更改并重新部署到Heroku上。 祝你好运！

Commit the changes and redeploy to Heroku. Good luck!

这篇关于获取Mysql2 ::错误（SSL连接错误：ASN：糟糕的其他签字确认）在Heroku应用程序使用AWS RDS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！