MySQL Router usage with --ssl-mode=VERIFY_IDENTITY
(Doc ID 2690723.1)
Last updated on AUGUST 24, 2020
Applies to:MySQL Server - Version 5.7 and later
Information in this document applies to any platform.
Clients who connect to MySQL via MySQL Router, eg in a typical InnoDB Cluster environment can use SSL/TLS.
There are no further restrictions on the trust of the destination server, if SSL/TLS is enabled on the target, then the client will attempt to connect securely.
This is the default.
In certain more restrictive environments, clients can require that the server's identity match their own client certificates or CA, using the --ssl-mode parameters.
When using MySQL Router and specifically only when using the most restrictive configuration of --ssl-mode=VERIFY_IDENTITY The connection will not succeed if Router is not located on the source or destination hosts.
Having Router on an interim or middle host will fail in these circumstances.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document