I have been setting up a few mysql servers with SSL support for replication .<\/p>\n
I used the script provided in the the official mysql documentation<\/a>\u00c2\u00a0 for creating the ssl certificates cause I needed to do it on more then one server and it made more sense to use it then actually creating each certificate one by one.<\/p>\n If you just read the documentation and create the certificate one by one you will be fine but if you use the script your CA certificate will expire after 30 days and after a month you'll be banging your head trying to find out why suddenly SSL connections don't work anymore. reveals it ...<\/p>\n Ah .... there you go ... just 30 days for the cacert file ... insane... Should be something like:<\/p>\n That is if you want the CA cert to be valid for a year. <\/p>\n","protected":false},"excerpt":{"rendered":" I have been setting up a few mysql servers with SSL support for replication . I used the script provided in the the official mysql documentation\u00c2\u00a0 for creating the ssl certificates cause I needed to do it on more then one server and it made more sense to use it then actually creating each certificate … Continue reading MySQL and SSL<\/span>
\nYou know your certificates should be valid for a year or more but why doesn't it work anymore ... running this command :<\/p>\nnotBefore=Apr 17 12:20:10 2008 GMT\r\nnotAfter=May 17 12:20:10 2008 GMT<\/pre>\n
\nThe problem was actually reported by someone else in the comments on that documentation page but I was in a hurry ( yeah right ) and didn't go that far with reading it.
\nNote to self: always read the comments on those pages
\nSo if you use that script make sure you modify it to make the CA valid for more then 30 days.
\nThis line: <\/p>\n