我正在尝试使用SSL编写一个PHP脚本(托管在带有GoDaddy的VPS上),该脚本连接到远程MySQL数据库(托管在Amazon EC2实例上).
我生成了一些证书(根据http://dev.mysql.com/doc/refman/5.0/en/creating-ssl-certs.html)并在远程/服务器数据库上配置my.cnf,如下所示:
[mysqld]
ssl-ca =/etc/mysql/ca-cert.pem
ssl-cert =/etc/mysql/server-cert.pem
ssl-key =/etc/mysql/server-key.pem
[client]
ssl-ca =/etc/mysql/ca-cert.pem
ssl-cert =/etc/mysql/client-cert.pem
ssl-key =/etc/mysql/client-key.pem
配置正在远程/服务器端(即,本地运行到远程数据库的php脚本能够使用生成的SSL证书建立连接).
但是,虽然我可以在VPS上托管的PHP脚本和远程数据库之间建立不安全的连接,但是当我尝试在相同的两个系统之间建立SSL连接时出现错误.
如果我尝试使用以下命令通过命令行连接到远程数据库:
mysql -h hostIP --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem –u ssluser –p
我收到错误:
ERROR 2026 (HY000): SSL connection error: Unable to get private key
当我尝试通过php脚本连接到服务器时,我得到了同样的错误:
<?php
$link = mysqli_init();
$key = '/home/userName/etc/mysql/certs/client-key.pem' ;
$cert = '/home/userName/etc/mysql/certs/client-cert.pem';
$ca = '/home/userName/etc/mysql/certs/ca-cert.pem';
$capath = NULL;
$cipher = NULL;
mysqli_ssl_set ( $link , $key , $cert , $ca , $capath , $cipher );
mysqli_real_connect ($link, $host, $user, $pass, $schema, 3306, NULL, MYSQLI_CLIENT_SSL);
?>
导致错误:
(HY000/2026): SSL connection error: Unable to get private key
我已根据(forums.mysql.com/read.php?11,400856,401127)尝试修复,但进行此更改会导致"分段错误".
有没有我错过的一步?我究竟做错了什么?
决议:
删除了client-key.pem密码
openssl rsa -in client-key.pem -out client-key2.pem
根据本网站的说明.
我变了
$key = '/home/userName/etc/mysql/certs/client-key2.pem' ;
和
mysql -h hostIP --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key2.pem –u ssluser –p
但不是
[client]
ssl-key =/etc/mysql/client-key.pem
| 归档时间: |
|
| 查看次数: |
13338 次 |
| 最近记录: |