debugsqlModerate
MySQL SSL error: Unable to get private key
Viewed 0 times
errorunableprivatemysqlgetsslkey
Problem
Getting an error while trying to enable encryption:
/etc/mysql/conf.d/encrypt.cnf:
The key is generated like that:
The openssl checks it fine.
I've tried to change permissions, owners, file names, moving to different directories, disabling SELinux (it's already disabled), looking at AppArmor logs (it doesn't block it), changing 'BEGIN/END PRIVATE KEY' to 'BEGIN/END RSA PRIVATE KEY'.
What's wrong with it?
[ERROR] SSL error: Unable to get private key from '/etc/mysql/ssl/nginx.key'
[Warning] Failed to set up SSL because of the following SSL library error: Unable to get private key/etc/mysql/conf.d/encrypt.cnf:
[mysqld]
ssl-ca=/etc/mysql/ssl/nginx.ca
ssl-cert=/etc/mysql/ssl/nginx.crt
ssl-key=/etc/mysql/ssl/nginx.keyThe key is generated like that:
openssl req -newkey rsa:4096 -nodes -keyout nginx.key -subj "/C=US/ST=California/L=Sacramento/O=MyOrg/OU=MyDev/CN=MyApp"The openssl checks it fine.
I've tried to change permissions, owners, file names, moving to different directories, disabling SELinux (it's already disabled), looking at AppArmor logs (it doesn't block it), changing 'BEGIN/END PRIVATE KEY' to 'BEGIN/END RSA PRIVATE KEY'.
What's wrong with it?
Solution
Ok, apparently just changing 'BEGIN PRIVATE KEY' to 'BEGIN RSA PRIVATE KEY' isn't enough.
It must be properly converted from PKCS#8 to PKCS#1 Reference
It must be properly converted from PKCS#8 to PKCS#1 Reference
openssl rsa -in /etc/mysql/ssl/nginx.key -out ~/nginx.key.rsaCode Snippets
openssl rsa -in /etc/mysql/ssl/nginx.key -out ~/nginx.key.rsaContext
StackExchange Database Administrators Q#201770, answer score: 15
Revisions (0)
No revisions yet.