Greetings, colleagues. I decided to set up an SSL connection between the master and the slave, and have now been fighting with it for half a day. So we have:

Master - 4.0.5-gentoo, mysql 5.6.26.

    have_openssl  YES
    have_ssl      YES
    ssl_ca        /etc/mysql/ssl-mysql/ca-cert.pem
    ssl_cert      /etc/mysql/ssl-mysql/server-cert.pem
    ssl_key       /etc/mysql/ssl-mysql/server-key.pem

Slave - Ubuntu 12.04, mysql 5.6.27

    Master_SSL_Allowed: No
    Master_SSL_CA_File: /etc/mysql/ssl-mysql/ca-cert.pem
    Master_SSL_Cert: /etc/mysql/ssl-mysql/client-cert.pem
    Master_SSL_Key: /etc/mysql/ssl-mysql/client-key.pem

The certificates were created on the Gentoo machine. Right now replication works and everything is OK. But when I run

 CHANGE MASTER TO MASTER_SSL=1 

I receive in the logs of the slave

    SSL error: Unable to get certificate from '/etc/mysql/ssl-mysql/client-cert.pem'
    [ERROR] Slave I/O: error connecting to master 'replica@1.2.3.4:3306' - retry-time: 60 retries: 1, Error_code: 2026

    ls -al
    total 20
    drwxr-xr-x 2 mysql mysql 4096 Oct 30 00:06 .
    drwxr-xr-x 5 root  root  4096 Nov  1 17:22 ..
    -rwxr--r-- 1 mysql mysql 1229 Oct 30 13:51 ca-cert.pem
    -rwxr--r-- 1 mysql mysql 1123 Oct 30 13:53 client-cert.pem
    -rwxr--r-- 1 mysql mysql 1708 Oct 30 13:52 client-key.pem

I did everything according to the HowTo article from Habr.

1 answer

So I figured out the problem myself.

1. The certificates should be in the old PKCS#1 format (this is for Ubuntu 12.04).
2. The permissions on the certificates and the folder they are in should belong to the user that mysql runs as, in my case mysql. Even if the keys are in /etc/mysql/ssl, you still need to give the user rights.

I checked it like this:

    sudo -u mysql mysql -h 1.2.3.4 --ssl-ca=/etc/mysql/ssl-mysql/ca-cert.pem --ssl-cert=/etc/mysql/ssl-mysql/client-cert.pem --ssl-key=/etc/mysql/ssl-mysql/client-key.pem -u replica -p

I found the answer to my question here: Ask Ubuntu
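The two checks from the answer above (key format, and access for the user mysql runs as) written as a script. This is an added example, not part of the original post: the function names `pem_kind` and `check_pem` are made up here, and the classification relies only on the standard PEM header lines.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM files a replication slave uses.
# Run it as the account mysqld runs as so the access test is meaningful, e.g.
#   sudo -u mysql sh check_pem.sh /etc/mysql/ssl-mysql/client-key.pem

# Classify a PEM file by its first "-----BEGIN ...-----" line.
pem_kind() {
    header=$(grep -m 1 '^-----BEGIN ' "$1" 2>/dev/null || true)
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-key ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-key ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted-key ;;
        '-----BEGIN CERTIFICATE-----')           echo certificate ;;
        *)                                       echo unknown ;;
    esac
}

# Report whether the current user can reach and read the file, and whether
# a private key is in the PKCS#1 form the answer says is required.
check_pem() {
    dir=$(dirname "$1")
    if [ ! -x "$dir" ]; then echo "no-dir-access"; return 1; fi
    if [ ! -r "$1" ];   then echo "unreadable";    return 1; fi
    kind=$(pem_kind "$1")
    case "$kind" in
        pkcs1-key|certificate) echo "ok:$kind"; return 0 ;;
        # A PKCS#8 key can be rewritten with: openssl rsa -in KEY -out KEY.pkcs1
        # (OpenSSL 3.x additionally needs the -traditional option).
        pkcs8-*) echo "convert:$kind"; return 1 ;;
        *)       echo "unknown"; return 1 ;;
    esac
}

# With no arguments, demonstrate on two constructed stub files (headers only).
if [ $# -eq 0 ]; then
    tmp=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----'     > "$tmp/pkcs8.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$tmp/pkcs1.pem"
    set -- "$tmp/pkcs8.pem" "$tmp/pkcs1.pem"
fi
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_pem "$f")"
done
if [ -n "${tmp:-}" ]; then rm -rf "$tmp"; fi
```

A result of `convert:pkcs8-key` corresponds to point 1 of the answer; `no-dir-access` or `unreadable` corresponds to point 2.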