 

Integrating ssl with mysql - Access Denied

I'm trying to set up SSL for MySQL by referring to this.
I'm able to complete the first 3 steps but am having an issue with the 4th, which is as follows:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'localhost' IDENTIFIED BY 'ssluser' REQUIRE SSL;
FLUSH PRIVILEGES;

Then I restart the mysql server.

After executing this statement when I try to run mysql -ussluser -pssluser -P3306 --ssl-key="C:\Program Files\MySQL\MySQL Server 5.5\certs\ca-cert.pem",
it shows the following error: Access denied for user 'ssluser'@'localhost' (using password: YES)
I'm using 3306 here as it's my default port.

How can it say Access Denied when I have already executed the GRANT statement?

Note that

  • I executed mysql -ussluser -pssluser before using the GRANT statement with REQUIRE SSL and I was able to connect to mysql.

  • If I try SHOW GRANTS FOR 'ssluser'@'localhost';
    I get

    GRANT ALL PRIVILEGES ON *.* TO \'ssluser\'@\'localhost\' IDENTIFIED BY PASSWORD \'*C56A6573BEE146CB8243543295FD80ADCE588EFF\' REQUIRE SSL WITH GRANT OPTION
    
  • Before executing the GRANT statement, I was able to connect to Workbench through ssluser. But now it's giving an access denied error.

  • When I use show global variables like 'have_%ssl'; I get

    have_openssl  DISABLED
    have_ssl      DISABLED

  • and when I use this SHOW STATUS LIKE 'Ssl_cipher'; I get

    Ssl_cipher _________

  • I have created all server and client certificates and placed them in the certs directory inside the MySQL server root directory.

I've been trying this for a couple of days but have found nothing. Any help appreciated.

I'm doing this for the first time. Can anyone guide me through a detailed procedure to do this?

GAMA asked Mar 14 '13 06:03


1 Answer

I was struggling with a similar error message today and here is what I discovered.

  1. The "REQUIRE SSL" option for the GRANT only requires SSL for connection and does not require a client side certificate to be provided.
  2. The mysql CLI does not handle SSL like I expected. For example, on MySQL 5.5, the --ssl option doesn't seem to really enable the SSL transport.
  3. I had to add the option --ssl-cipher=DHE-RSA-AES256-SHA:AES128-SHA to get the mysql client to really use SSL and allow authentication with the client.

Here are the exact steps I used to set up my new user:

CREATE USER 'ssl-user'@'%' identified by '<password>';
GRANT USAGE ON *.* TO 'ssl-user'@'%' identified by '<password>' REQUIRE SSL;
GRANT ALL PRIVILEGES ON `your-database`.* TO 'ssl-user'@'%';

Matt Lavin answered Sep 25 '22 08:09
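
As an added example (not code from the question or the answer), the following Python triage helper reads the three outputs quoted in this thread, `SHOW VARIABLES LIKE 'have_%ssl'`, `SHOW STATUS LIKE 'Ssl_cipher'` and a `SHOW GRANTS` line, and reports why a `REQUIRE SSL` account is refused. The function names are hypothetical and the sample input is constructed to match the shape of the output in the question; it relies on the documented behaviour that `have_ssl` reads `DISABLED` when the server was built with SSL support but not started with its `ssl-ca`, `ssl-cert` and `ssl-key` options.

```python
import re

def parse_rows(text):
    """Parse 'name value' rows as printed by SHOW VARIABLES / SHOW STATUS."""
    rows = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if parts:
            rows[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return rows

def grant_requirement(grant):
    """Return the REQUIRE clause of a SHOW GRANTS line: NONE, SSL, X509 or SPECIFIED."""
    m = re.search(r"\bREQUIRE\s+(SSL|X509|NONE|ISSUER|SUBJECT|CIPHER)\b", grant, re.I)
    if not m:
        return "NONE"
    kind = m.group(1).upper()
    return kind if kind in ("SSL", "X509", "NONE") else "SPECIFIED"

def diagnose(variables_text, status_text, grant):
    """List the reasons a login for this account would be refused, if any."""
    have_ssl = parse_rows(variables_text).get("have_ssl", "").upper()
    cipher = parse_rows(status_text).get("ssl_cipher", "")
    need = grant_requirement(grant)
    if need == "NONE":
        return ["account does not require TLS"]
    findings = []
    if have_ssl != "YES":
        # Server side: no client flag can help until mysqld itself offers TLS.
        findings.append("server TLS is not active (have_ssl=%s): set ssl-ca, "
                        "ssl-cert and ssl-key under [mysqld] and restart" % (have_ssl or "?"))
    if not cipher:
        findings.append("current session is unencrypted (empty Ssl_cipher)")
    if need in ("X509", "SPECIFIED"):
        findings.append("client must also present --ssl-cert and --ssl-key")
    return findings or ["TLS requirement satisfied"]

# Constructed sample input, shaped like the output quoted in the question.
VARIABLES = "have_openssl DISABLED\nhave_ssl DISABLED"
STATUS = "Ssl_cipher"
GRANT = ("GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'localhost' "
         "IDENTIFIED BY PASSWORD '<hash>' REQUIRE SSL WITH GRANT OPTION")

if __name__ == "__main__":
    for finding in diagnose(VARIABLES, STATUS, GRANT):
        print("-", finding)
```
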