Hi I am trying to set up a MySQL server 8.0.16 on RHEL 7.5. The configuration I am willing to include for this server contains SSL related options.
The MySQL server is initialized but with a warning related to SSL, which is as follows:
mysqld --defaults-file=/mysql_data/config/options.cnf --initialize --user=mysql &
[Warning] [MY-010069] [Server] Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed
The directory does not contain the ca.pem file but it does contain private_key.pem, and public_key.pem.
My options file contains following ssl configuration
[mysqld]
# SSL #
ssl-cipher = DHE-RSA-AES256-SHA
**ssl_ca = **/mysql_data/ssl-certs/ca.pem
**ssl_cert = **/mysql_data/ssl-certs/server-cert.pem
**ssl_key = **/mysql_data/ssl-certs/server-key.pem
require_secure_transport = ON
tls_version = TLSv1.2
If I initialize the server without ssl-ca, ssl-cert, ssl-key options, the server is successfully initialized without any warnings and the data directory contains the files
ca-key.pem, client-cert.pem, public_key.pem, server-key.pem, ca.pem, client-key.pem, private_key.pem, server-cert.pem.
Kindly help me understand what mistake I am doing. What is the warning about and why the ca.pem certificate file was not created?
Can I create the SSL certificates in directories other than data directory?
I know i can later create the certificates using openssl or mysql_ssl_rsa_setup.