{question}
How do you ignore the "--ssl-ca" option and connect to SingleStore securely when using the MySQL client?
{question}
{answer}
If a SingleStore server has been configured to use SSL and the user connecting to SingleStore using MySQL CLI is configured with the `REQUIRE SSL` parameter, the flag --ssl-ca
needs to be specified in the command line during the connection. This flag accepts the value of the path of the certificate,
master-agg-ip-10-0-2-211 /home/admin $ mysql -h10.0.2.211 -usample -padmin123 --ssl-ca ./certs/ca-cert.pem
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 30
If the flag is not specified, the connection will fail with an "Access Denied" error:
master-agg-ip-10-0-2-211 /home/admin $ mysql -h10.0.2.211 -usample -padmin123
ERROR 2455 (HY000): Access denied for user 'sample'@'10.0.2.211' (using password: YES). The user is configured with REQUIRE SSL but the connection is not SSL. See https://docs.memsql.com/docs/ssl for information on configuring SSL.
This article describes the steps to configure the client such as the parameter does not need to be explicitly specified in the Command Line.
In MySQL Clients, an option file can be configured which contains all the relevant parameters that can be passed into the Command Line.
Below are the steps that can be followed to configure an options file that contains the --ssl-ca
parameter.
- For a Linux machine, create a file named
my.cnf
in the/etc
directory. For Windows, the same file needs to be created as%WINDIR%\my.ini or %WINDIR%\my.cnf
- Edit the file to add the following contents:
[client]
ssl-ca=/data/sstore/certs/ca-cert.pem - Save the file and connect to the server without specifying the
--ssl-ca
flag.
master-agg-ip-10-0-2-211 /home/admin $ mysql -h10.0.2.211 -usample -padmin123
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 38
If you would like more information on creating the options file, please check MySQL docs.
{answer}