#1 2014-01-25 09:39:53

nihilon
Member
Registered: 2013-08-06
Posts: 8

systemctl start mysqld unrecognized option --ssl-ca=

I have spent most of the last 18 hours reading manuals, searching the web and searching these forums for an answer, but have not found anything that worked or that even matched the issue I am having. So here goes.

Issue: Entering the command:

$ sudo systemctl start mysqld --ssl-ca=/path/to/ca-cert.pem --ssl-cert=/path/to/server-cert.pem --ssl-key=/path/to/server-key.pem

and pressing 'Enter' only gets me this error:

systemctl: unrecognized option '--ssl-ca=/path/to/ca-cert.pem' 

OR it will act as though it accepted the command but the server does not start. And they happen with about equal frequency.

Does anyone have any ideas as to what is going on?

Again, I have read the manuals - all of them. I have followed directions found on nearly every single hit that came up on google and bing in the last 18 hours. I've tried with both MySQL 5.6.15 Source distribution from the AUR and with MariaDB. I have added these options to /etc/mysql/my.cnf (there are no other copies on the system):

[client]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/client-cert.pem
ssl-key=/path/to/client-key.pem 

[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem 

And still, nothing. I have verified that MySQL is in fact SSL capable, per the directions in the documentation. Still, no dice.

This thing seems intent on keeping me from using SSL.

The pertinents:
    mysql --version returns: Ver 14.14 Distrib 5.6.15, for Linux (x86_64) using EditLine wrapper
    uname -a returns: Linux [hostname] 3.12.7-2-ARCH #1 SMP PREEMPT Sun Jan 12 13:09:09 CET 2014 x86_64 GNU/Linux

    In case it is worth mentioning, Arch is running on a virtual machine. VMware Player ver. 6.0.1 build-1379776 on a Windows 7 Professional host, 64-bit ver. 6.1.7601, SP1.

I could really use some help folks.


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#2 2014-01-25 11:56:52

Spider.007
Member
Registered: 2004-06-20
Posts: 1,156

Re: systemctl start mysqld unrecognized option --ssl-ca=

Okay, when you are using systemctl you are instructing systemd to do something such as 'start mysqld'. Any options you pass will be parsed by systemctl (not mysqld). That is the reason systemd complains of an unknown option (systemd doesn't have an ssl-ca option).

The options you put in your my.cnf should be sufficient. However, the mysql client doesn't automatically use ssl when connecting; so after starting mysqld (systemctl start mysqld) use the client to see if ssl works:

mysql --ssl-ca=/path/to/ca-cert.pem

If your client connects successfully, that doesn't mean it's using ssl though; enter '\s' and check if ssl is enabled.

Last edited by Spider.007 (2014-01-25 11:57:50)

Offline

#3 2014-01-25 21:48:38

nihilon
Member
Registered: 2013-08-06
Posts: 8

Re: systemctl start mysqld unrecognized option --ssl-ca=

Spider.007 wrote:

Okay, when you are using systemctl you are instructing systemd to do something such as 'start mysqld'. Any options you pass will be parsed by systemctl (not mysqld). That is the reason systemd complains of an unknown option (systemd doesn't have an ssl-ca option).

The options you put in your my.cnf should be sufficient. However, the mysql client doesn't automatically use ssl when connecting; so after starting mysqld (systemctl start mysqld) use the client to see if ssl works:

mysql --ssl-ca=/path/to/ca-cert.pem

If your client connects successfully, that doesn't mean it's using ssl though; enter '\s' and check if ssl is enabled.

No dice:

$ mysql --ssl-ca=/path/to/ca-cert.pem
Welcome to the MySQL monitor. Commands end with ; or \g
Your MySQL connection id is 4
Server version: 5.6.15 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trade..../* You get the idea... */

mysql> \s
---------------------------------------------------
mysql Ver 14.14 Distrib 5.6.15, for Linux (x86_64) using Editline wrapper

Connection id: 4
Current database:
Current user: user@localhost
SSL: Not in use
/* ......and the rest of the usual... */
---------------------------------------------------

mysql>

So. No deal.


"If we don't run as administrator, stuff breaks." from Writing Secure Code, Second Edition. Microsoft Press 2003

Offline

#4 2014-01-26 12:08:05

Spider.007
Member
Registered: 2004-06-20
Posts: 1,156

Re: systemctl start mysqld unrecognized option --ssl-ca=

What is the output of

show variables like '%ssl%';

Offline
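
Added example (not part of any post in this thread, and not MySQL's own tooling): a shell sketch that interprets the two checks suggested above, the `SSL:` line of `\s` and the output of `show variables like '%ssl%'`. The function names are hypothetical, the sample input is constructed rather than taken from the poster's system, and the `have_ssl` values YES / DISABLED / NO are assumed to be those documented for MySQL 5.6.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the sample input is constructed.

# Reads the tab-separated output of
#   mysql -B -N -e "SHOW VARIABLES LIKE '%ssl%'"
# on stdin and prints one verdict line for the server side.
ssl_server_verdict() {
    awk -F'\t' '
        $1 == "have_ssl" { have = $2 }
        ($1 == "ssl_ca" || $1 == "ssl_cert" || $1 == "ssl_key") && $2 == "" {
            missing = missing " " $1
        }
        END {
            note = (missing == "") ? "" : "; unset:" missing
            if (have == "YES")           print "server: SSL enabled" note
            else if (have == "DISABLED") print "server: SSL compiled in but not active" note
            else if (have == "NO")       print "server: built without SSL support"
            else                         print "server: have_ssl not reported"
        }'
}

# Reads the client status (\s) output on stdin and reports on the "SSL:" line.
ssl_session_verdict() {
    awk '
        /^[ \t]*SSL:/ {
            seen = 1
            if ($0 ~ /Not in use/) { print "session: unencrypted"; next }
            sub(/^[ \t]*SSL:[ \t]*/, "")
            print "session: encrypted (" $0 ")"
        }
        END { if (!seen) print "session: no SSL line found" }'
}

# Constructed sample: a server that read none of the ssl-* options.
sample_vars() {
    printf 'have_openssl\tDISABLED\nhave_ssl\tDISABLED\nssl_ca\t\nssl_cert\t\nssl_key\t\n'
}

sample_vars | ssl_server_verdict
printf 'SSL:\t\t\tNot in use\n' | ssl_session_verdict
```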
