使用SSL拒绝对MySQL远程连接尝试的访问
[英]Access denied to MySQL remote connection attempt using SSL
问题描述
I've setup a MySQL server v5.5.41 for SSL and I'm to trying to connect it remotely. 
我已经为SSL设置了MySQL服务器v5.5.41,并且打算尝试远程连接它。 I've created the SSL certs, keys, created a user and granted privileges like this: 我创建了SSL证书,密钥,创建了用户并授予了如下特权:
GRANT SELECT ON mydb.* TO 'myuser'@'xxx.xxx.xxx.xxx' require x509;
I've updated the my.cnf file on the server like: 我已经更新了服务器上的my.cnf文件,如下所示:
ssl-ca = /etc/mysql/certs/ca.pem
ssl-cert = /etc/mysql/certs/server-cert.pem
ssl-key = /etc/mysql/certs/server-key.pem
I've done the same with the client pem files (and ca.pem ), adding them to my.cnf (under the client section). 我对客户端pem文件(和ca.pem )进行了相同的操作,将它们添加到my.cnf(在“ client部分下)。 I've also updated (Linux) /etc/apparmor.d/usr.sbin.mysqld since I'm putting my pem files in a new directory that I created ( certs ). 我还更新了(Linux) /etc/apparmor.d/usr.sbin.mysqld因为我将pem文件放在我创建的新目录( certs )中。
And it all works! 一切正常! Except when I repeat the process of creating client pem files and user/privileges for my local development machine. 除非重复我为本地开发计算机创建客户端pem文件和用户/特权的过程。 I've done everything exactly the same, but when I try to connect, I get: 我所做的一切都完全一样,但是当我尝试连接时,我得到:
ERROR 1045 (28000): Access denied for user 'testuser'@'xxx.xxx.xxx.xxx' (using password: YES)
I've created the testuser on the mysql server and granted privileges in exactly the same way as before (verified by querying the DB). 我已经在mysql服务器上创建了testuser并以与以前完全相同的方式授予了特权(通过查询数据库来验证)。 The client pems and ca.pem are on the box, and the cnf file has been updated. 客户端pems和ca.pem在包装盒上,并且cnf文件已更新。 I've restarted MySQL. 我已经重启了MySQL。 The password I'm using to connect to the server is definitely correct. 我用来连接服务器的密码绝对正确。
The only thing I can think of that's different is when I was creating the client cert, I didn't know what to put in for the Common Name. 我唯一能想到的是与众不同的是,当我创建客户端证书时,我不知道在通用名称中输入什么内容。 In the other case, where it's working, that machine is a web server, so the Common Name I used is the domain. 在另一种情况下,它在工作的地方是一台Web服务器,因此我使用的公用名是域。 For my development machine, I just used what I got from running the hostname command for the Common Name. 对于我的开发机器,我只是使用从运行hostname命令获得的通用名称得到的结果。 If this is the problem, what should the Common Name be? 如果这是问题所在,则通用名称应该是什么?
1 个解决方案
解决方案1
0 2015-05-05 18:22:50
The reason for the problem was because I accidentally put these lines: 出现此问题的原因是因为我不小心放置了以下行:
ssl-cert = /etc/mysql/certs/client-cert.pem
ssl-key = /etc/mysql/certs/client-key.pem
...on my local development machine under the [mysqld_safe] section instead of the [client] section in my.cnf , so there's no inherent MySQL or SSL issue here (although if I hadn't written up this question it might have taken me a lot longer to discover that). ...在我的本地开发计算机上的[mysqld_safe]部分而不是my.cnf中的[client]部分下,因此这里没有固有的MySQL或SSL问题(尽管如果我没有写这个问题,它可能已经采取了我发现它的时间更长了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.