error 18 at 0 depth lookup: self signed certificate
I was trying to test the SSL connection between a MySQL client and server. For that I created SSL certificates and keys by following the MySQL documentation at:
Creating SSL Certificates and Keys Using openssl
After finishing all the commands, I verified the certificates using:
openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
I got the following output:
error 18 at 0 depth lookup: self signed certificate
error server-cert.pem: verification failed
client-cert.pem: OK
Reason:
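The Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL. When the names are identical, the server certificate's subject equals its issuer, so OpenSSL treats it as a self-signed certificate at depth 0, which is what error 18 reports.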
Solution:
When OpenSSL prompts you for the Common Name for each certificate, use different names.
Common Name (e.g. server FQDN or YOUR name) []:
I used values as follows:
CA Cert: ssl-ca-cert
Server Cert: ssl-ca-server-cert
Client Cert: ssl-ca-client-cert
and voila!!! I got success when I verified the certificates this time.
openssl verify -CAfile ca.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK
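The check below is an added example, not part of the original post: it builds a throwaway CA and server certificate twice, once with the server CN equal to the CA CN and once with the distinct names used above, and flags the case where the server certificate's subject equals its issuer. The function names, the temporary directory layout and the 30-day validity are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Function names and paths are hypothetical; the CN values
# are the ones used in the post.

# make_chain DIR CA_CN SERVER_CN: create a CA and a server cert signed by it.
make_chain() {
    dir=$1 ca_cn=$2 srv_cn=$3
    mkdir -p "$dir" || return 1
    openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -nodes -days 30 -key "$dir/ca-key.pem" \
        -subj "/CN=$ca_cn" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/server-key.pem" \
        -subj "/CN=$srv_cn" -out "$dir/server-req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/server-req.pem" -days 30 -CA "$dir/ca.pem" \
        -CAkey "$dir/ca-key.pem" -set_serial 01 \
        -out "$dir/server-cert.pem" 2>/dev/null
}

# subject_equals_issuer CERT: succeeds when the subject and issuer names match,
# i.e. the certificate looks self-signed by name (the cause of error 18 here).
subject_equals_issuer() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# verify_server DIR: same check as "openssl verify -CAfile ca.pem server-cert.pem".
verify_server() {
    openssl verify -CAfile "$1/ca.pem" "$1/server-cert.pem" >/dev/null 2>&1
}

# Demo: first the colliding CN, then the distinct CN from the post.
work=$(mktemp -d)
for srv_cn in ssl-ca-cert ssl-ca-server-cert; do
    make_chain "$work/$srv_cn" ssl-ca-cert "$srv_cn"
    if subject_equals_issuer "$work/$srv_cn/server-cert.pem"; then
        echo "$srv_cn: subject equals issuer, choose a different server CN"
    elif verify_server "$work/$srv_cn"; then
        echo "$srv_cn: server-cert.pem: OK"
    else
        echo "$srv_cn: verification failed for another reason"
    fi
done
rm -rf "$work"
```

Running the name comparison before `openssl verify` points directly at the Common Name collision instead of leaving you to interpret the error number.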
Hi,
What will it be for a cluster of multiple nodes?
Which key will be shared among the cluster?
thanks,
Hank