I have mariadb set up on my ubunutu 18.04 lts system.
I had a backup script working without a problem, but somewhere in updates it stopped working, but I didn't notice at first, because who watches backups when they've worked reliably for ages.
But now I've noticed that backups have stopped working, and when I try to emulate the start of the backup command I get the error:
ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain
using the command I've used without problem previously, suddenly gives an error.
$ mysql -u root -p################################ -N -e 'show databases' ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain` Even if I do a simply login I get the same error
$ mysql -u root -p Enter password: ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain For a few months ago I didn't have any issues with running mysql on the server via command line. Somewhere updates must have changed this, but I don't know what changed it.
I really can't execute any meaningful command with mysql without it balking about the certificate chain.
My version:
$ mysql -V mysql Ver 15.1 Distrib 10.3.22-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2 When I connect from my work machine to the server with the certificate that's installed I have no issues connecting to the database. So the certificate works for the mysql server. It seems to be a pure command line mysql issue.
I've updated everything in apt-get and apt, there are 0 updates available.
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-88-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Tue Mar 3 16:20:40 GMT 2020 System load: 0.89 Processes: 209 Usage of /: 5.5% of 3.58TB Users logged in: 0 Memory usage: 12% IP address for eth0: ###.###.###.### Swap usage: 0% * Canonical Livepatch is available for installation. - Reduce system reboots and improve kernel security. Activate at: https://ubuntu.com/livepatch 0 packages can be updated. 0 updates are security updates. The /etc/mysql/my.cnf
# MariaDB-specific config file. # Read by /etc/mysql/my.cnf [client] # Default is Latin1, if you need UTF-8 set this (also in server section) #default-character-set = utf8 #ojiaergoijboij = halksjd #nduks =- ksjdfljsd [mysql] ssl-ca=/etc/mysql/ssl/ca.pem #ssl-cert=/etc/mysql/ssl/client-cert.pem #ssl-key=/etc/mysql/ssl/client-key.pem [mysqld] # # * Character sets # # Default is Latin1, if you need UTF-8 set all this (also in client section) # #character-set-server = utf8 #collation-server = utf8_general_ci #character_set_server = utf8 #collation_server = utf8_general_ci # Import all .cnf files from configuration directory !includedir /etc/mysql/mariadb.conf.d/ innodb_flush_log_at_trx_commit=2 innodb_file_per_table=1 innodb_buffer_pool_size=8G thread_cache_size=10 skip-name-resolve #query_cache_type=1 #query_cache_limit=256k #query_cache_min_res_unit=2k #query_cache_size=80M tmp_table_size=256M max_heap_table_size=256M query_cache_size=0 query_cache_type=0 ssl ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/server-cert.pem ssl-key=/etc/mysql/ssl/server-key.pem When I verify the certificates they come out ok.
openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/server-cert.pem: OK /etc/mysql/ssl/client-cert.pem: OK You have new mail in /var/mail/root
Is this something that I can solve with a mysql flag? Or is this something I need to solve in an openSSL settings?
I've tried googling, but the closest to the symptoms I could find was a question from 2012.
