View Single Post
  #1  
Old 22nd July 2010, 20:34
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 49
Thanks: 5
Thanked 2 Times in 2 Posts
Default mysql ssl data replication problem certificate issue?

Using:
http://www.howtoforge.com/how-to-set...-on-centos-5.4


mysql> SHOW SLAVE STATUS \G
*************************** 1. row ***************************
Slave_IO_State: Connecting to master
Master_Host: mercury.investmenttool.com
Master_User: slave_user
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 98
Relay_Log_File: mysqld-relay-bin.000001
Relay_Log_Pos: 98
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: No
Slave_SQL_Running: Yes
Replicate_Do_DB: transferdb
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 98
Relay_Log_Space: 98
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/mysql/newcerts/ca-cert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/mysql/newcerts/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/mysql/newcerts/client-key.pem
Seconds_Behind_Master: NULL
1 row in set (0.00 sec)


100722 7:37:57 [ERROR] Slave I/O thread: error connecting to master 'slave_user@mercury.investmenttool.com:3306': Error: 'Access denied for user 'slave_user'@'basestar.investmenttool.com' (using password: YES)' errno: 1045 retry-time: 60 retries: 86400

Read thte notes in the thread itself and decided to verify the certificate:

[root@basestar newcerts]# openssl verify -CAfile ca-cert.pem client-cert.pem
client-cert.pem: /C=US/ST=Illinois/L=Chicago/O=ISN Corporation/CN=basestar.investmenttool.com/emailAddress=hpuxconsulting@yahoo.com
error 20 at 0 depth lookup:unable to get local issuer certificate

Master is the main server, I'd just like data replication to a hot site.

the hot site is at a fixed ip address, and everything is wonderful. So I think.

SEP
__________________
isn aka SEP from ITRC forums

Last edited by isn; 22nd July 2010 at 21:25.
Reply With Quote
Sponsored Links