I created a fresh instance of google sql with mysql 5.7. I also had to create a client certificate as well as reset the root password to something known and secure.
If I disable "Only allow secure connections" and I log in from the cli then I can connect with the password.
mysql -uroot -p -h x.x.x.x
But, i like secure connections. So connecting via ssl (enabling ssl connections and using the downloaded certs) is unable to connect.
mysql -uroot -h x.x.x.x --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
with this error
mysql: [ERROR] SSL error: Unable to get certificate from 'client-cert.pem'
ERROR 2026 (HY000): SSL connection error: Unable to get certificate
If I try and connect via ssl in mysql administrator, I get this error:
The certs were created by the google console and am trying to connect how the example command tells me to connect. So I cannot for the life of me figure out why I cannot connect.
It seems that when creating a client certificate, Google Cloud is putting the CRT inside the client-key.pem and the KEY inside the client-cert.pem.
Does it work if you try the following?
mysql -uroot -h x.x.x.x --ssl-ca=server-ca.pem --ssl-cert=client-key.pem --ssl-key=client-cert.pem
Related
I'm using the command line prompt on my Windows computer to connect to my Azure MySQL server.
hostname=flashguard.mysql.database.azure.com
username=damiboyflashguard123
port=3306
I entered following on my cmd
mysql -h flashguard.mysql.database.azure.com -P 3306 -u damiboyflashguard123 -p
and entered the password. Then I'm getting following error,
ERROR 2003 (HY000): Can't connect to MySQL server on
'flashguard.mysql.database.azure.com:3306' (10060)
By the way I checked my firewall settings, and it shows firewall is approving on 3306 port requests as follows.
I installed MySQL client in my local machine and tried connecting to Azure mySQL client via command line terminal and was connected successfully:-
ERROR 2003 (HY000): Can’t connect to MySQL server on
‘flashguard.mysql.database.azure.com:3306’ (10060)
Make sure your MySQL server name with username and password does not have any syntax missing or spelling errors. Add your local machine’s IP to the allowed list of Azure MySQL servers like below:-
Make sure your MySQL server is in a ready state and also try to connect to your MySQL server from your Azure Portal to check the connectivity.
Verify your connecting string from Azure Portal like below:-
I ran the above command in my local machine’s command line terminal and I got connected to the azure MySQL server successfully like below:-
mysql -h server-name.mysql.database.azure.com -u xxxxconuser -p xxxxxxxxxn#123
Output:-
When I removed the Client IP from the azure MySQL Networking tab, I got the same error code as yours, refer below:-
Error:-
Verify if you’re connected to any VPN that is restricting you from connecting to the MySQL server on Azure.
I am trying to setup slurm with a remote mariadb database for accounting on Azure, using a mariadb database as service.
If ssl is disabled slurmdbd is perfectly working, it is able to contact the database and append new jobs.
If I enable ssl on the database, I got this error:
slurmdbd: debug2: Attempting to connect to mariadb.database.azure.com:3306
slurmdbd: error: mysql_real_connect failed: 9002 SSL connection is required. Please specify SSL options and retry.
I am perfectly able to connect to the database using:
mysql --host=<host> --port=3306 --user=<user> --password=<password> --ssl --ssl-ca=./BaltimoreCyberTrustRoot.crt.pem
I tried to add:
[client]
ssl_ca = /etc/mysql/ssl/BaltimoreCyberTrustRoot.crt.pem
to /etc/my.cnf, in this way I am able to connect (with ssl enabled) using only:
mysql --host=<host> --port=3306 --user=<user> --password=<password>
but slurmdbd gives me the same error.
Basically, I am not able to find the proper location for slurmdbd to read the ssl_ca.
Any ideas?
Thanks
i dont believe slurm has the ability to talk to an SSL Encrypted MySQL/MariaDB Server. You would need to set up a local MySQL Proxy which redirects the queries to the SSL connected one.
I have an existing PHP service running on a Compute Engine VM Instance and a Google Cloud SQL service.
After I login to the VM and run this command
mysql -h <IP> <db> -umyuser -p
I can connect to the mysql instance with no problem.
However, if I try to use socket
mysql -h localhost --socket=/home/forge/.gcp/cloudsql/proxy/socket/project:region:production
I get this error
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95
This is an existing setup and I am not very familiar with GCP. But, this was working until yesterday after which it started to fail with this error
Did I miss any configuration change?
I created a MysQL RDS instance on AWS.
I can connect to MysQL using my own user who was the one that created the instance like that:
mysql -h aws-host -P 3306 -u MyUser -p
I need to give access to Mysql to other users who are already register on AWS.
Manual: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html
The User creation is working but when I log out from my user and try to logging again with the new user it does not work.
I'm having the problem that the user can not connect to Mysql because of Authentication plugin error.
Command:
mysql -h aws-host -P 3306 -u newUser -p
when I type the password I get:
Error: ERROR 2059 (HY000): Authentication plugin 'mysql_clear_password' cannot be loaded: plugin not enabled
The password is correct because it's the one I use to loggin on aws with that user and IAM DB Authentication is enable, I thought IM and RDS should share passwords or I'm doing something wrong ??
The cause of the issue to be the DB auth token and absence of SSL in your connection string. When using IAM database authentication, network traffic to and from the database is encrypted using Secure Sockets Layer (SSL)
DB auth token is generated with "generate-db-auth-token" and
SSL requires using a root certificate which is available here. Once the file is available on the machine, the following syntax can be used to authenticate:
RDSHOST="myinstance.***********.rds-us-east-1.amazonaws.com"
TOKEN="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 3306 --username test )"
mysql --host=$RDSHOST --port=3306 --enable-cleartext-plugin --ssl-ca=[full path]rds-combined-ca-bundle.pem --ssl-mode=VERIFY_IDENTITY --user=test --password=$TOKEN
Here is the official documentation for connecting to MySQL Database with IAM DB Authentication
In my case I had to change SSL required to no from under the SSL tab on mysqlworkbench and it went away.
I have created a ssl follow:
https://cloud.google.com/sql/docs/configure-ssl-instance
And read this document:
https://cloud.google.com/sql/docs/mysql-client#connect
After I created a new mysql instance and download the three pem files to local. I want to connect to that server:
mysql -u<USERNAME> -p -h <IP_ADDRESS> --ssl-ca=/local/path/to/server-ca.pem --ssl-cert=/local/path/to/client-cert.pem --ssl-key=/local/path/to/client-key.pem
And type the password, again it said:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Why?
Did you follow the instructions under the heading "Grant access to your instance? It links to another document that explains how to add IP addresses to Authorized Network list of your Cloud SQL instance. Even when using SSL certificates you must add the IP address as an Authorized Network.