Server Upgrade 5.7.19 -> 5.7.21 causes "Certificate signature check failed" #330
Steps to reproduce this issue
We run a MySQL server in the cloud (AWS RDS). We recently upgraded this server from version 5.7.19 to 5.7.21.
We configure all clients and tools (including HeidiSQL) to use a CA-Certificate file, effectively forcing said tools to connect as if the following CLI command was issued:
Before the server upgrade, all our tools and programs could connect without issue to the MySQL server.
HeidiSQL however gives the error: "SSL connection error: Certificate signature check failed"
When attempting to connect, with a CA-file specified, HeidiSQL gives the error: "SSL connection error: Certificate signature check failed".
When attempting to connect, with a CA-file specified, the connection should be established.
I've no possible solution. We did try overwriting the
It could be that the issue is caused by the MySQL's apparent switch from yaSSL to OpenSSL (source:
I have upgraded to 10.1.0.5573 and I still see the issue (SSL connection error: Certificate signature check failed) with the following keys (as directed to use in https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html):
When I use the region specific certificates, I am able to connect successfully:
https://s3.amazonaws.com/rds-downloads/rds-ca-2015-us-east-1.pem (for example, complete list in the url above)