Server Upgrade 5.7.19 -> 5.7.21 causes "Certificate signature check failed" #330
Comments
|
same issue as #215 ? |
ansgarbecker
changed the title
|
I'm having the same problem. Yet I can connect just fine to my AWS instance from the command line with: |
|
Hi, I also have the same problem, do you know how to fix it ?
|
|
Was this tested with v10.1 ? If not, please give it a try. Also, it may be worth to update then to the latest build, as I pushed 51da7c8 yesterday, now allowing all TLS versions up to v1.3. |
|
I have upgraded to 10.1.0.5573 and I still see the issue (SSL connection error: Certificate signature check failed) with the following keys (as directed to use in https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html): https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem When I use the region specific certificates, I am able to connect successfully: https://s3.amazonaws.com/rds-downloads/rds-ca-2015-us-east-1.pem (for example, complete list in the url above) |
|
May I assume you have updated HeidiSQL through replacing the build file? Or did you install 10.1 first (to get updated libraries as well), and then updated to the latest build? |
|
Hope I'm answering this question sufficiently. I believe every update I have done, including this one, has been through the 'Check for updates ...' dialog. I believe I only did a single update to get over 10.1 |
|
I have just uninstalled HeidiSQL, reinstalled (10.1) and updated to last build (10.1.0.5581) but I still get the same error (which I do not get connecting through command line). |
|
@robertoarnetoli did you also update MySQL from 5.7.19 to a newer one or on which server version are you? |
|
AWS RDS MySQL 5.7.25 no updates. It's a new database |
|
Please try the latest HeidiSQL build. |
|
Shout if still an issue with v12.0 |
Steps to reproduce this issue
We run a MySQL server in the cloud (AWS RDS). We recently upgraded this server from version 5.7.19 to 5.7.21.
The MySQL users have been created with the following syntax:
We configure all clients and tools (including HeidiSQL) to use a CA-Certificate file, effectively forcing said tools to connect as if the following CLI command was issued:
Before the server upgrade, all our tools and programs could connect without issue to the MySQL server.
After the upgrade, all our tools and programs except HeidiSQL can connect to the server as expected.
HeidiSQL however gives the error: "SSL connection error: Certificate signature check failed"
Current behavior
When attempting to connect, with a CA-file specified, HeidiSQL gives the error: "SSL connection error: Certificate signature check failed".
(all other tools and programs work as intended)
Expected behavior
When attempting to connect, with a CA-file specified, the connection should be established.
Possible solution
I've no possible solution. We did try overwriting the
libmysql.dllfile that comes bundled with HeidiSQL with a newer edition (the one that came with MySQL server 5.7.23 installation), as was suggested in some other tickets, but it does not solve the issue.It could be that the issue is caused by the MySQL's apparent switch from yaSSL to OpenSSL (source:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport)
Environment
9.5.0.5284 (64-bit)
MySQL server in the cloud (AWS RDS), version 5.7.21
Hosted in AWS RDS
Windows 10 Professional
The text was updated successfully, but these errors were encountered: