Description:
On the replication SSL page at:
http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
Two options are specified for how to specify the certs for the slave, CHANGE MASTER TO and the my.cnf options.
The my.cnf options are quoted as:
==
On the slave, you have two options available for setting the SSL information. You can either add the slaves certificates to the client section of the slave configuration file, or you can explicitly specify the SSL information using the CHANGE MASTER TO statement.
Using the former option, add the following lines to the client section of the slave configuration file:
[client]
ssl-ca=cacert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
==
The names "server-cert.pem" and "server-key.pem" are identical to the ones used previously for the master options:
==
To enable SSL on the master you will need to create or obtain suitable certificates and then add the following configuration options to the master's configuration within the mysqld section:
ssl-ca=cacert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
==
This implies that they should be identical, whereas the files are actually different.
How to repeat:
Check out the docs. Get confused by the options given.
Suggested fix:
Change the slave options to be:
[client]
ssl-ca=cacert.pem
ssl-cert=client-cert.pem
ssl-key=client-key.pem
These names correspond to the same as what is used for the general SSL page:
http://dev.mysql.com/doc/refman/5.1/en/secure-using-ssl.html
