Abnormality in Enabling SSL Connection to TiDB

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 开启ssl连接tidb异常

| username: RyanHowe

I deployed a TiDB instance (version 5.4) using k8s, with the operator version being 1.4.0. I enabled secure communication for client connections to TiDB by setting the value of .spec.tidb.tlsClient.enabled to true. I generated a set of certificates myself, including the CA, public key, and private key. After enabling SSL, the secrets for both the client and server were automatically generated:

The content of the secret is the PEM certificate encoded in base64:

However, when connecting to the instance using the MySQL client, I encountered an error. The connection command is:
mysql -u root -p -P4000 -h127.0.0.1 --ssl-ca client-ca.pem

The error reported is:
ERROR 2026 (HY000): SSL connection error: unknown error number

The error description is indeed too brief, and I’m not sure where I went wrong. Has anyone configured certificates for secure connections before? I hope someone can help me troubleshoot this issue. Thank you.

| username: Lucien-卢西恩 | Original post link

You can perform two tests:

  1. Try using other clients such as DBeaver or Navicat to see if you can connect;
  2. Replace the MySQL Client version with version 8.0 and try again.

| username: RyanHowe | Original post link

The issue has been resolved. I was using the wrong certificate when connecting. I tested it myself and found that using the tls.crt certificate from the secret works. Previously, I was using ca.crt, which was incorrect.
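
The fix reported above came down to which PEM file was passed to --ssl-ca. As an added example (not part of the thread and not TiDB Operator code), here is one way to check offline which file from a decoded secret actually verifies the certificate the server presents. The function names, the file names and the use of the openssl CLI are assumptions.

```shell
#!/bin/sh
# Added example: find which candidate PEM verifies a server certificate.
# Needs only the openssl CLI (1.1.0 or later for -no-CApath).

# decode_secret_field <base64-text> <out-file>
# Kubernetes Secret data is base64-encoded; turn one field back into PEM.
decode_secret_field() {
    printf '%s' "$1" | openssl base64 -d -A > "$2"
}

# verifies_server <candidate.pem> <server.pem>
# Succeeds only if the candidate alone is a trust anchor for the server
# certificate. -no-CApath keeps the system trust store out of the decision.
verifies_server() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# find_trust_anchor <server.pem> <candidate>...
# Prints every candidate that verifies the server certificate and
# returns non-zero when none of them does.
find_trust_anchor() {
    fta_server=$1
    fta_status=1
    shift
    for fta_cand in "$@"; do
        if verifies_server "$fta_cand" "$fta_server"; then
            printf '%s\n' "$fta_cand"
            fta_status=0
        fi
    done
    return "$fta_status"
}

# Typical use, with hypothetical file names:
#   server.pem : the certificate the server presents, for example saved
#                from `openssl s_client -starttls mysql -connect host:4000`
#   ca.crt, tls.crt : fields decoded from the secret
#   find_trust_anchor server.pem ca.crt tls.crt
```

A file printed by `find_trust_anchor` is one that the MySQL client can use as `--ssl-ca`; an empty result means none of the candidates issued the server certificate.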
