ryan
04/27/2022, 5:03 PM
{"mysql":"could not connect to db: x509: cannot validate certificate for 1.1.1.1 because it doesn't contain any IP SANs
I can connect fine to the MySQL instance from the server running fleet by adding the --ssl-cert --ssl-key and --ssl-ca
mysql:
  address: 1.1.1.1:3306
  database: fleetdm
  username: user
  password: ':)'
  tls_ca: /etc/ssl/certs/server-ca.pem
  tls_cert: /etc/ssl/certs/mysql-fleet-cert.pem
  tls_key: /etc/ssl/certs/mysql-fleet-key.pem
  server_name: 1.1.1.1
What am I missing?
Keith Swagler
04/27/2022, 6:16 PM
Kathy Satterlee
04/27/2022, 6:23 PM
ryan
04/27/2022, 6:29 PM
Kathy Satterlee
04/27/2022, 8:47 PM
address?
ryan
04/27/2022, 8:49 PM
Kathy Satterlee
04/27/2022, 8:53 PM
ryan
04/27/2022, 8:53 PM
Kathy Satterlee
04/27/2022, 9:04 PM
status command show that SSL is actually in use?
mysql> \s
Keith Swagler
04/28/2022, 12:32 AM
openssl s_client -showcerts -connect 1.1.1.1:3306
ryan
04/28/2022, 1:32 PM
SSL: Cipher in use is ECDHE-RSA-AES128-GCM-SHA256
mysql -u user -p -h 1.1.1.1 --ssl-ca=/etc/ssl/certs/server-ca.pem --ssl-cert=/etc/ssl/certs/mysql-fleet-cert.pem --ssl-key=/etc/ssl/certs/mysql-fleet-key.pem
Kathy Satterlee
04/28/2022, 4:29 PM
ryan
04/28/2022, 7:40 PM