maria-discuss team mailing list archive
Mailing list archive
New Question: MariaDB SSL connection with Connector/J Setup help
A new question has been asked in "SSL Connections" by og_116262525349832924122. Please answer it at http://mariadb.com/kb/en/mariadb-ssl-connection-with-connectorj-setup-help/ as the person asking the question may not be subscribed to the mailing list.
I just installed MariaDB 10.1.11 on Centos 7 and enabled SSL connections.
I created the root CA, Server Cert/Key, & Client Cert/Key as spelled out in the instructions from this link http://xmodulo.com/enable-ssl-mysql-server-client.html (used -sha256 instead of -sha1)
I added the variables in the [mysqld] section of the server.cnf file and restarted MariaDB
I created a user and granted them privilages with a "require x509" suffix.
I have 2 users created (nossluser, ssluser)
grant all on *.* to nossluser;
grant all on *.* to ssluser require X509;
I can login from the command line using MySQL without any problems
MySQL -u nossluser -p <--- works fine with the user that has no ssl requirement
MySQL -u ssluser -p --ssl-cert client-cert.pem --ssl-key client-key.pem --ssl-ca ca-cert.pem <-- this works fine
I can also connect from a remote client using MySQL workbench using the same ca-cert.pem, client-cert.pem, client-key.pem as I used on the command line.
My problem is when I try to create a java client connection using the Mariadb connector/j
I have tried issuing the connection using the useSSL=true, requireSSL=true, serverSslCert=server-cert.pem but it does not work. I get the:
"Could not connect: Access denied for user 'email@example.com' (using password: YES)" error message
I also enabled java.net.debug and I get a message in the log that says:
"Warning:no suitable certificate found - continuing without client authentication"
Now if I change the user to "require ssl" instead of "require x509" The connection works, but I still see the java net debug warning no suitable certificate found which I assume means that the SSL connection did not work but it allowed the connection anyway.
Any Ideas on the correct connection settings for the connector/j
To view or answer this question please visit: http://mariadb.com/kb/en/mariadb-ssl-connection-with-connectorj-setup-help/