HiveBrain v1.2.0
Get Started
← Back to all entries
debugsqlModerate

MySQL SSL error: Unable to get private key

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
errorunableprivatemysqlgetsslkey

Problem

Getting an error while trying to enable encryption:

[ERROR] SSL error: Unable to get private key from '/etc/mysql/ssl/nginx.key'
[Warning] Failed to set up SSL because of the following SSL library error: Unable to get private key


/etc/mysql/conf.d/encrypt.cnf:

[mysqld]
ssl-ca=/etc/mysql/ssl/nginx.ca
ssl-cert=/etc/mysql/ssl/nginx.crt
ssl-key=/etc/mysql/ssl/nginx.key


The key is generated like that:

openssl req -newkey rsa:4096 -nodes -keyout nginx.key -subj "/C=US/ST=California/L=Sacramento/O=MyOrg/OU=MyDev/CN=MyApp"


The openssl checks it fine.

I've tried to change permissions, owners, file names, moving to different directories, disabling SELinux (it's already disabled), looking at AppArmor logs (it doesn't block it), changing 'BEGIN/END PRIVATE KEY' to 'BEGIN/END RSA PRIVATE KEY'.

What's wrong with it?

Solution

Ok, apparently just changing 'BEGIN PRIVATE KEY' to 'BEGIN RSA PRIVATE KEY' isn't enough.

It must be properly converted from PKCS#8 to PKCS#1 Reference

openssl rsa -in /etc/mysql/ssl/nginx.key -out ~/nginx.key.rsa

Code Snippets

openssl rsa -in /etc/mysql/ssl/nginx.key -out ~/nginx.key.rsa

Context

StackExchange Database Administrators Q#201770, answer score: 15

Revisions (0)

No revisions yet.