
SSL connection error when trying to connect to mysql Aurora via the mysql CLI

I will preface by saying I can connect to the DB instance when I'm not trying to go over SSL.

I am following this guide here

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Connect.html

I have ensured the db instance is public facing.

The security group of the VPC has the following rules:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| MySQL/Aurora (3306) | TCP (6) | 3306 | my_ip_address/32 |
| MySQL/Aurora (3306) | TCP (6) | 3306 | sg-security_group_name |

Where the security_group_name is the security group for my EC2 cluster.

I am using the cluster endpoint of my Aurora cluster. And I've removed the port. I installed mysql on my machine using homebrew. This is the command I am trying from my local machine (MacBook):

mysql -h blah-database-cluster.cluster-dfgdgfd.us-east-1.rds.amazonaws.com --ssl-ca=rds-ssl-ca-cert.pem --ssl-verify-server-cert

Where rds-ssl-ca-cert.pem is the file I downloaded from here:

http://s3.amazonaws.com/rds-downloads/rds-ssl-ca-cert.pem

I get the error:

ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

I have tried creating a new instance, rebooting etc and no joy. Does my security group need some kind of https rule?

Edit:

Further clue. When I run mysql --ssl locally it doesn't error. But when I do mysql show_variables, it says SSL false and the have_ssl and have_open_ssl variables don't exist. Could this be the problem? I installed the local mysql via homebrew package manager for mac.

New edit:

I re-installed mysql (previously from brew) and now direct from oracle and when I try to connect it gives a different error - SSL connection error: ASN: bad other signature confirmation

Hard worker asked Feb 10 '23 07:02


1 Answer

  1. At present the AWS Aurora documentation is linking to an out-of-date SSL certificate to use, hence the problem. This has been confirmed by the AWS support staff. Use this instead: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem

  2. Even when using that certificate, connecting to the cluster end-point over SSL still doesn't work for the command line using mysql -h connection. If I change from the cluster end-point to the instance end-point strangely it works.

  3. Bizarrely, MySQL Workbench does connect over SSL, both to the instance end-point AND the cluster end-point.

Hard worker answered Feb 12 '23 11:02
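
The CA-file mismatch in point 1 of the answer can be reproduced offline. This is an added example, not part of the original question or answer: it generates two throwaway CAs and a server certificate locally (all names are constructed, and it assumes the failure is that the older file lacks the CA that issued the server certificate), then shows `openssl verify` rejecting the chain with the wrong CA file and accepting it with a combined bundle.

```bash
#!/usr/bin/env bash
# Constructed demo: every key and certificate is generated locally in a temp dir.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME: create a self-signed CA as $work/NAME.key and $work/NAME.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_server CA CN: issue $work/server.pem for CN, signed by the named CA
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null
  openssl x509 -req -in "$work/server.csr" -CA "$work/$1.pem" \
    -CAkey "$work/$1.key" -CAcreateserial -days 1 \
    -out "$work/server.pem" 2>/dev/null
}

# chain_ok CAFILE CERT: succeed only if CERT chains to a CA found in CAFILE
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# bundle_count CAFILE: number of certificates in a PEM bundle
bundle_count() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

make_ca old-ca       # stands in for the outdated single-CA file
make_ca current-ca   # stands in for the CA that signed the server cert
issue_server current-ca db.example.internal   # hypothetical host name
cat "$work/old-ca.pem" "$work/current-ca.pem" > "$work/combined.pem"

for ca in old-ca combined; do
  if chain_ok "$work/$ca.pem" "$work/server.pem"; then
    echo "$ca.pem ($(bundle_count "$work/$ca.pem") cert): chain verifies"
  else
    echo "$ca.pem ($(bundle_count "$work/$ca.pem") cert): chain does NOT verify"
  fi
done
```

The same `chain_ok` check can be pointed at a downloaded CA file and a server certificate saved to disk before changing the `--ssl-ca` argument.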