Hi there
I have a big issue regarding connection Haproxy to mysql throught ssl with mysql self signed cert.
Below my cfg
global
log 127.0.0.1 local0
user haproxy
group haproxy
maxconn 10000
stats socket ipv4@127.0.0.1:9997 level admin
stats socket /var/run/haproxy.sock mode 666 level admin
stats timeout 2m
ssl-server-verify none
tune.ssl.default-dh-param 2028
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256
defaults
log global
retries 2
timeout connect 5000
timeout server 50000
timeout client 50000
listen stats
bla bla bla for webif…
listen Databases_QA
bind :3307 ssl crt /etc/haproxy/cert-qa/full-client.pem
mode tcp
option ssl-hello-chk
option mysql-check user haproxy
balance roundrobin
server DBQ01 10.x.x.1:3306 ssl crt /etc/haproxy/cert-qa/full-client.pem verifycheck maxconn 2000 inter 4000
server DBQ02 10.x.x.2:3306 ssl crt /etc/haproxy/cert-qa/full-client.pem verify none check maxconn 2000 backup inter 4000
Each time same error: “SSL Handshake failure” or “SSL Handshake failer (Broken Pipe)”
full-client.pem is a cut/paste of mysql self signed cert client-key.pem client-cert.pem, this is wrong?
under mysql folder i have a lot of files, which of this i need to use?
ca-key.pem
ca.pem
client-cert.pem
client-key.pem
private_key.pem
public_key.pem
server-cert.pem
server-key.pem
Please could you help me?
1 post - 1 participant