My Oracle Support Banner

MySQL Router usage with --ssl-mode=VERIFY_IDENTITY (Doc ID 2690723.1)

Last updated on AUGUST 24, 2020

Applies to:

MySQL Server - Version 5.7 and later
Information in this document applies to any platform.

Goal

Clients who connect to MySQL via MySQL Router, eg in a typical InnoDB Cluster environment  can use SSL/TLS.

There are no further restrictions on the trust of the destination server, if SSL/TLS is enabled on the target, then the client will attempt to connect securely.

This is the default.

In certain more restrictive environments, clients can require  that the server's identity match their  own  client  certificates or CA,  using  the  --ssl-mode  parameters.

 

When using MySQL Router and specifically only when using the most restrictive configuration of  --ssl-mode=VERIFY_IDENTITY The  connection  will not  succeed if Router is not located on the source or destination hosts.

Having Router on an interim or middle host will fail in these circumstances.


 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.