There will be more risks if you turn off the SSL authentication between your databases. I would suggest you not do that. But you can check whether you have any security policies in place that require SSL connections. If so, you need to update those policies.
Try these steps instead:
- Make sure your SSL certificate is installed correctly on the client application.
- If the SSL certificate is valid and installed correctly and you are still getting the error, try these steps: restart the client application, clear the SSL cache on the client application, update the application to the latest version.
Additional things to remember while troubleshooting SSL certificate issues:
- The SSL certificate must be installed in the correct location on the client application.
- A firewall or proxy server between the client application and the Aurora MySQL cluster must not be blocking the SSL connections.
This is NOT the SSL connection between a client application and the Aurora/MySQL server, but between two Aurora/MySQL servers using cross-region replication. Aurora/MySQL does not give any manual control over any of the SSL certificates. I don't know what security policies could break that, considering I have no control over the security policies; those are all controlled internally by Aurora/MySQL.
It would be interesting to see the cert that the gov-west master is presenting. Is there an EC2 instance on which port 3306 is open between it and the master (and if there isn't, then could you quickly and temporarily provision one?) on which you could run:
openssl s_client -starttls mysql -showcerts -connect 10.8.15.0:3306
Steve_M - So I think that the 10.8.15.0 IP is an internal Aurora IP; all my replicas are saying that they're replicating off that, regardless of what server they're actually replicating. Maybe it's some intermediate server?
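What the certificate check suggested in this thread involves at the protocol level, as an added example that is not part of the original posts: MySQL only starts TLS after a plaintext greeting and a client SSLRequest packet, so a tool that wants the server's certificate has to perform that exchange first. The function names are hypothetical, and the host passed to `fetch_server_cert_pem` must be an endpoint you can actually reach on port 3306.

```python
import socket
import ssl
import struct

CLIENT_SSL = 0x0800          # capability bit: TLS supported
CLIENT_PROTOCOL_41 = 0x0200  # capability bit: 4.1+ protocol


def read_packet(sock):
    """Read one MySQL packet; returns (sequence id, payload)."""
    def recv_exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf += chunk
        return buf
    header = recv_exact(4)  # 3-byte little-endian length + 1-byte sequence id
    return header[3], recv_exact(int.from_bytes(header[:3], "little"))


def server_offers_tls(greeting):
    """True if a HandshakeV10 greeting advertises CLIENT_SSL."""
    if greeting[:1] != b"\x0a":
        raise ValueError("not a HandshakeV10 greeting (error packet or old server)")
    off = greeting.index(b"\x00", 1) + 1 + 4 + 8 + 1  # version NUL, thread id, salt, filler
    return bool(int.from_bytes(greeting[off:off + 2], "little") & CLIENT_SSL)


def ssl_request(seq):
    """Build the 32-byte SSLRequest: flags, max packet size, charset, 23 reserved bytes."""
    payload = struct.pack("<IIB23s", CLIENT_SSL | CLIENT_PROTOCOL_41, 1 << 24, 33, b"")
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def fetch_server_cert_pem(host, port=3306, timeout=5):
    """Return the server's leaf certificate as PEM without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: we want to see a bad cert,
    ctx.verify_mode = ssl.CERT_NONE  # not reject it; never use this for real traffic
    with socket.create_connection((host, port), timeout=timeout) as raw:
        seq, greeting = read_packet(raw)
        if not server_offers_tls(greeting):
            raise RuntimeError("server does not advertise TLS")
        raw.sendall(ssl_request(seq + 1))
        with ctx.wrap_socket(raw) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
```

The returned PEM can be piped to `openssl x509 -noout -subject -issuer -dates` to read the issuer and validity period.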