The Ultimate Guide to High Availability with MariaDB
This is a read-only copy of the MariaDB Knowledgebase generated on 2024-11-16. For the latest, interactive version please visit https://mariadb.com/kb/.

mariadb 10.6.4 SSL access with mysql-workbench

hello -

i am trying to use google-workbench to connect to a MariaDB server.

i have a 10.5.12 server running on the google-cloud, and i am indeed very successful to access the server no problem using mysql-workbench, but i am unable to use mysql-workbench connect to a 10.6.4 running locally on a virtualbox vm.

here are my 10.5.2 settings on the google-cloud:

[mariadb-10.5]
ssl_cert = /etc/my.cnf.d/certificates/server-cert.pem
ssl_key = /etc/my.cnf.d/certificates/server-key.pem
ssl_ca = /etc/my.cnf.d/certificates/ca.pem

SHOW GLOBAL  VARIABLES LIKE '%Ssl%';
+---------------------+--------------------------------------------+
| Variable_name       | Value                                      |
+---------------------+--------------------------------------------+
| have_openssl        | YES                                        |
| have_ssl            | YES                                        |
| ssl_ca              | /etc/my.cnf.d/certificates/ca.pem          |
| ssl_capath          |                                            |
| ssl_cert            | /etc/my.cnf.d/certificates/server-cert.pem |
| ssl_cipher          |                                            |
| ssl_crl             |                                            |
| ssl_crlpath         |                                            |
| ssl_key             | /etc/my.cnf.d/certificates/server-key.pem  |
| version_ssl_library | OpenSSL 1.1.1g FIPS  21 Apr 2020           |
+---------------------+--------------------------------------------+
10 rows in set (0.001 sec)

status
--------------
mariadb  Ver 15.1 Distrib 10.5.12-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          23
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.5.12-MariaDB MariaDB Server
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /var/lib/mysql/mysql.sock
Uptime:                 1 hour 57 min 24 sec

Threads: 3  Questions: 118  Slow queries: 0  Opens: 20  Open tables: 13  Queries per second avg: 0.016
--------------

however, when i try this on 10.6.4 using near-identical my.cnf.d file, i get this message below (and also on mysql-workbench) (notice have_ssl keeps showing as 'disabled')

 mariadb  --ssl-verify-server-cert ;
ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it

here are my settings:

[mariadb-10.6]
ssl_cert = /etc/my.cnf.d/certificates/server-cert.pem
ssl_key = /etc/my.cnf.d/certificates/server-key.pem
ssl_ca = /etc/my.cnf.d/certificates/ca.pem

SHOW VARIABLES LIKE '%ssl%';
+---------------------+--------------------------------------------+
| Variable_name       | Value                                      |
+---------------------+--------------------------------------------+
| have_openssl        | YES                                        |
| have_ssl            | DISABLED                                   |
| ssl_ca              | /etc/my.cnf.d/certificates/ca.pem          |
| ssl_capath          |                                            |
| ssl_cert            | /etc/my.cnf.d/certificates/server-cert.pem |
| ssl_cipher          | AES128+EECDH:AES128+EDH                    |
| ssl_crl             |                                            |
| ssl_crlpath         |                                            |
| ssl_key             | /etc/my.cnf.d/certificates/server-key.pem  |
| version_ssl_library | OpenSSL 1.1.1g FIPS  21 Apr 2020           |
+---------------------+--------

MariaDB [(none)]> status
--------------
mariadb  Ver 15.1 Distrib 10.6.4-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          6
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.6.4-MariaDB MariaDB Server
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8mb3
Conn.  characterset:    utf8mb3
UNIX socket:            /var/lib/mysql/mysql.sock
Uptime:                 8 min 34 sec

Threads: 1  Questions: 12  Slow queries: 0  Opens: 18  Open tables: 11  Queries per second avg: 0.023
--------------

oddly enough, on 10.5 i get this message:

mariadb  --ssl-verify-server-cert
ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain

but at least mysql-workbench is working!!

any suggestions?

EDIT: i am also seeing these error messages:

systemctl status mariadb.service ;
Nov 08 16:56:19 localhost.localdomain mariadbd[13322]: 2021-11-08 16:56:19 7 [Warning] Aborted connection 7 to db: 'unconnected' user: 'unauthenticated' host: '192.168.123.190' (This connection closed normally without authentication)

i am VERY tempted to install 10.5 on my Virtualbox and 10.6 on the google-cloud vm & see if the problem follows the Mariadb version or the platform.

EDIT 2: i installed 10.5 on Virtualbox & it works fine. i created an install script on Github and ran identically as both 10.5 and 10.6 - and definitely its something in 10.6, or at least another requirement that i missed.

Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.