← Back to team overview

maria-discuss team mailing list archive

New Question: MariaDB SSL connection with Connector/J Setup help



A new question has been asked in "SSL Connections" by og_116262525349832924122. Please answer it at http://mariadb.com/kb/en/mariadb-ssl-connection-with-connectorj-setup-help/ as the person asking the question may not be subscribed to the mailing list.

I just installed MariaDB 10.1.11 on Centos 7 and enabled SSL connections.
I created the root CA, Server Cert/Key, & Client Cert/Key as spelled out in the instructions from this link http://xmodulo.com/enable-ssl-mysql-server-client.html   (used -sha256 instead of -sha1)

I added the variables in the [mysqld] section of the server.cnf file and restarted MariaDB
I created a user and granted them privilages with a "require x509" suffix.

I have 2 users created (nossluser, ssluser)
grant all on *.* to nossluser;
grant all on *.* to ssluser require X509;

I can login from the command line using MySQL without any problems

MySQL -u nossluser -p               <--- works fine with the user that has no ssl requirement

MySQL -u ssluser -p --ssl-cert client-cert.pem --ssl-key client-key.pem --ssl-ca ca-cert.pem                    <-- this works fine 

I can also connect from a remote client using MySQL workbench using the same ca-cert.pem, client-cert.pem, client-key.pem as I used on the command line.

My problem is when I try to create a java client connection using the Mariadb connector/j
I have tried issuing the connection using the useSSL=true, requireSSL=true, serverSslCert=server-cert.pem but it does not work.   I get the:
"Could not connect: Access denied for user 'ssluser'@' (using password: YES)"   error message

I also enabled java.net.debug and I get a message in the log that says:
"Warning:no suitable certificate found - continuing without client authentication"

Now if I change the user to "require ssl" instead of "require x509" The connection works, but I still see the java net debug warning no suitable certificate found which I assume means that the SSL connection did not work but it allowed the connection anyway.

Any Ideas on the correct connection settings for the connector/j



To view or answer this question please visit: http://mariadb.com/kb/en/mariadb-ssl-connection-with-connectorj-setup-help/