error 18 at 0 depth lookup: self signed certificate

I was trying to test an SSL connection between a MySQL client and server. For that I created SSL certificates and keys by following the MySQL documentation at:

Creating SSL Certificates and Keys Using openssl

After running all the commands, I verified the certificates using:

openssl verify -CAfile ca.pem server-cert.pem client-cert.pem

I got the following output:

error 18 at 0 depth lookup: self signed certificate
error server-cert.pem: verification failed
client-cert.pem: OK 


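Reason: The Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL. When every subject field, including the Common Name, matches the CA's, the certificate's subject and issuer names are identical, which is why openssl verify reports it as self signed.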

Solution: When OpenSSL prompts you for the Common Name for each certificate, use different names.

Common Name (e.g. server FQDN or YOUR name) []:

I used values as follows:
  • CA Cert:  ssl-ca-cert
  • Server Cert: ssl-ca-server-cert
  • Client Cert:  ssl-ca-client-cert
and voila!!! I got success when I verified the certificates this time.

openssl verify -CAfile ca.pem server-cert.pem client-cert.pem

server-cert.pem: OK
client-cert.pem: OK 
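
The same procedure can be scripted with -subj instead of the interactive prompts, with a pre-flight check that rejects a certificate whose subject is identical to the CA's before openssl verify runs. This is an added example, not part of the original post or the MySQL documentation; the function names, the 1-day validity and the working-directory layout are assumptions.

```shell
#!/bin/sh
# Added example: function names and -subj values are constructed for illustration.

# make_chain DIR CA_CN LEAF_CN
# Builds a throwaway CA and one CA-signed certificate in DIR, using the same
# openssl subcommands as the MySQL procedure but with -subj instead of prompts.
make_chain() {
    dir=$1 ca_cn=$2 leaf_cn=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$ca_cn" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$leaf_cn" \
        -keyout "$dir/server-key.pem" -out "$dir/server-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/server-req.pem" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -set_serial 01 \
        -out "$dir/server-cert.pem" 2>/dev/null
}

# subject_of CERT: print the certificate's subject DN in one canonical form.
subject_of() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# subject_collides CA_CERT LEAF_CERT
# Returns 0 when the leaf's subject DN is identical to the CA's, the condition
# the post identifies as the cause of error 18.
subject_collides() {
    [ "$(subject_of "$1")" = "$(subject_of "$2")" ]
}

# check_chain DIR: return 2 on a name collision, otherwise the result of
# openssl verify against the CA in DIR.
check_chain() {
    if subject_collides "$1/ca.pem" "$1/server-cert.pem"; then
        echo "server-cert.pem: subject is identical to the CA's subject" >&2
        return 2
    fi
    openssl verify -CAfile "$1/ca.pem" "$1/server-cert.pem" >/dev/null 2>&1
}
```

For example, make_chain "$(pwd)" ssl-ca-cert ssl-ca-server-cert followed by check_chain "$(pwd)" returns 0, while passing ssl-ca-cert for both names makes check_chain return 2.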

Comments

  1. Hi,
    What will it be for a cluster of multiple nodes?
    Which key will be shared among the cluster?
    Thanks,
    Hank
