Bug #84531 Add auto_generate_certs=OFF like setting for sysv init and systemd
Submitted: 17 Jan 2017 12:37
Modified: 6 Apr 2018 13:46
Reporter: Daniël van Eeden (OCA)
Status: Verified
Category: MySQL Server: Security: Encryption
Severity: S4 (Feature request)
Version: 5.7
OS: Any
Assigned to:
CPU Architecture: Any
Tags: SSL, systemd, sysv init, tls

[17 Jan 2017 12:37] Daniël van Eeden
See also https://bugs.mysql.com/bug.php?id=84527

For OpenSSL-based auto generation of certificates there is an OFF switch; however, a similar function seems to be missing for the mysql_ssl_rsa_setup which is called from /etc/init.d/mysqld.

How to repeat:
See description

Suggested fix:
Check auto_generate_certs setting in the SysV init script.
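
One way the suggested check could look, as an added example that is not part of the original report or of the MySQL packaging scripts. It assumes the options arrive in the form printed by `my_print_defaults mysqld`; the function names `auto_generate_certs_state` and `should_run_ssl_rsa_setup` and the sample options are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not the shipped init script.
# Reads option lines on stdin, one "--name=value" per line as printed by
# `my_print_defaults mysqld`, and prints ON or OFF for auto_generate_certs.
# The default is ON and the last occurrence wins. Only the spellings
# matched below are handled.
auto_generate_certs_state() {
    state=ON
    while IFS= read -r line; do
        name=${line%%=*}
        # Treat '_' and '-' in option names as equivalent.
        name=$(printf '%s\n' "${name#--}" | tr '_' '-')
        case "$line" in
            *=*) value=$(printf '%s\n' "${line#*=}" | tr '[:lower:]' '[:upper:]') ;;
            *)   value= ;;
        esac
        case "$name" in
            auto-generate-certs)
                case "$value" in
                    OFF|0|FALSE) state=OFF ;;
                    *)           state=ON ;;
                esac ;;
            skip-auto-generate-certs|disable-auto-generate-certs)
                state=OFF ;;
        esac
    done
    printf '%s\n' "$state"
}

# Guard for the init script: succeed only when generation is not disabled.
# Intended use (not executed here):
#   my_print_defaults mysqld | should_run_ssl_rsa_setup \
#       && mysql_ssl_rsa_setup --datadir="$datadir"
should_run_ssl_rsa_setup() {
    [ "$(auto_generate_certs_state)" = ON ]
}

# Constructed sample of `my_print_defaults mysqld` output, for a dry run.
SAMPLE_OPTS='--datadir=/data/mysql
--auto_generate_certs=OFF'
if printf '%s\n' "$SAMPLE_OPTS" | should_run_ssl_rsa_setup; then
    echo "would run mysql_ssl_rsa_setup"
else
    echo "auto_generate_certs is OFF: skipping mysql_ssl_rsa_setup"
fi
```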

[18 Jan 2017 6:45] MySQL Verification Team
Hello Daniël,

Thank you for the feature request!

[6 Apr 2018 13:46] Daniël van Eeden
mysqld.service has:


When MySQL is on a mountpoint like /data/mysql this could cause mysql to start before the filesystem is mounted. But it could also run the mysqld_pre_systemd before the mountpoint is mounted and mount it while it runs.

Maybe it should depend on local-fs.target or data-mysql.mount (the latter being dynamic). Or it could use RequiresMountsFor=/path/to/datadir

For now the workaround seems to be to put "NO_INIT=1" in /etc/sysconfig/mysql or override the systemd config.