From: Paul&nbsp;Nowosielski
Date: November 10 2010 11:23pm
Subject: MySQL replication SSL
List-Archive: http://lists.mysql.com/mysql/223564
Message-Id: <223425.6952.qm@web30405.mail.mud.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Dear All,=0A=0AI'm trying to get SSL connections =0Afor all mysql slave and=
 masters.=0A=0AI have one box that will not use SSL for some reason.=0AWhen=
 I start this slave it can not connect because =0Ait's not using SSL.=0A=0A=
=0A=0A=0Ashow slave status\G=0A*************************** 1. row *********=
******************=0A             Slave_IO_State: Connecting to master=0A  =
              Master_Host: myhost=0A                Master_User: rep_user=
=0A                Master_Port: 3306=0A              Connect_Retry: 60=0A  =
          Master_Log_File: mysql-bin.000095=0A        Read_Master_Log_Pos: =
1095=0A             Relay_Log_File: slave-relay.000004=0A              Rela=
y_Log_Pos: 98=0A      Relay_Master_Log_File: mysql-bin.000095=0A           =
Slave_IO_Running: No=0A          Slave_SQL_Running: Yes=0A            Repli=
cate_Do_DB: crm=0A        Replicate_Ignore_DB: =0A         Replicate_Do_Tab=
le: =0A     Replicate_Ignore_Table: =0A    Replicate_Wild_Do_Table: =0ARepl=
icate_Wild_Ignore_Table: =0A                 Last_Errno: 0=0A              =
   Last_Error: =0A               Skip_Counter: 0=0A        Exec_Master_Log_=
Pos: 1095=0A            Relay_Log_Space: 98=0A            Until_Condition: =
None=0A             Until_Log_File: =0A              Until_Log_Pos: 0=0A   =
      Master_SSL_Allowed: No <---=0A         Master_SSL_CA_File: =0A       =
  Master_SSL_CA_Path: =0A            Master_SSL_Cert: =0A          Master_S=
SL_Cipher: =0A             Master_SSL_Key: =0A      Seconds_Behind_Master: =
NULL=0A=0A=0A=0AHere is a portion of my.cnf.=0A=0A[mysqld]=0Adatadir=3D/var=
/lib/mysql=0Asocket=3D/var/lib/mysql/mysql.sock=0Auser=3Dmysql=0A# Default =
to using old password format for compatibility with mysql 3.x=0A# clients (=
those using the mysqlclient10 compatibility package).=0Aold_passwords=3D1=
=0Amax_connections=3D500=0Amax_connect_errors =3D 0=0A=0A# replication=0Ase=
rver-id =3D 1=0Areplicate-same-server-id =3D 0=0Aauto-increment-increment =
=3D3=0Aauto-increment-offset =3D1=0A=0Amaster-host =3D myHost=0Amaster-user=
 =3D rep_user=0Amaster-password =3D rep_passwd=0Amaster-connect-retry =3D 6=
0=0Areplicate-do-db =3D crm=0A=0Alog-bin=3D /var/log/mysql/mysql-bin.log=0A=
binlog-do-db =3D crm=0A=0Arelay-log =3D /var/lib/mysql/slave-relay.log=0Are=
lay-log-index =3D /var/lib/mysql/slave-relay-log.index=0A=0Aexpire_logs_day=
s =3D 10=0Amax_binlog_size =3D 500M=0A# end replication=0A=0A=0A# SSL for r=
eplication=0Assl=0Assl-key=3D/etc/mysql/ssl/server-key.pem=0Assl-cert=3D/et=
c/mysql/ssl/server-cert.pem=0Assl-ca=3D/etc/mysql/ssl/ca-cert.pem=0Assl-cap=
ath=3D/etc/mysql/ssl/=0Assl-cipher=3DDHE-RSA-AES256-SHA=0A=0A=0A=0A=0A=0A[c=
lient]=0Assl=0Aport =3D 3306=0Asocket =3D /var/lib/mysql/mysql.sock=0Assl-c=
a=3D/etc/mysql/ssl/ca-cert.pem=0Assl-key=3D/etc/mysql/ssl/client-key.pem=0A=
ssl-cert=3D/etc/mysql/ssl/client-cert.pem=0Assl-cipher=3DDHE-RSA-AES256-SHA=
=0A=0A=0AAnyone see any issues with this?=0A=0AThank you,=0A=0APaul=0A=0A=
=0A