MySQL 加了SSL之后,phpMyAdmin就无法登录进去了

编译了MySQL社区版5.5.61,其中包括了SSL证书,即-DWITH_SSL=bundled,用的是OpenSSL v1.1.0i。编译是成功的,编译完后可以使用。

进而又增加了SSL连接,在机器上生成了证书,是按照MySQL官方这份手册说明进行的。

然后在MySQL的配置文件中进行了修改,增加了一些内容如下

[client]
...
ssl-ca=/path/to/ca.pem
ssl-cert=/path/to/client-cert.pem
ssl-key=/path/to/client-key.pem

[mysqld]
...
ssl-ca=/path/to/ca.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

在启动MySQL之后,检查状态,有

mysql> SHOW VARIABLES LIKE '%ssl%';
+---------------+---------------------------------------+
| Variable_name | Value                                 |
+---------------+---------------------------------------+
| have_openssl  | YES                                   |
| have_ssl      | YES                                   |
| ssl_ca        | /path/to/ca.pem          |
| ssl_capath    |                                       |
| ssl_cert      | /path/to/server-cert.pem |
| ssl_cipher    |                                       |
| ssl_key       | /path/to/server-key.pem  |
+---------------+---------------------------------------+
7 rows in set (0.00 sec)

以及

mysql> \s
--------------
./mysql  Ver 14.14 Distrib 5.5.61, for Linux (i686) using  EditLine wrapper

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.5.61-log Source distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 1 hour 2 min 50 sec

然而,用phpMyAdmin v4.8.2却登录不了,提示说
mysqli_real_connect(): Cannot connect to MySQL by using SSL。这个其实还是在我把phpMyAdmin中的host参数修改为127.0.0.1之后,用localhhost的情况下,报出的错误信息更多几条,在Stack Overflow上查到有人说换成IP地址会好一些,因为不用socket套接字连接。

phpMyAdmin的配置部分如下

$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['socket'] = '/tmp/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'tcp'; 
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
/* Use SSL for connection to database server */
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['ssl_key'] = '/path/to/server-key.pem';
$cfg['Servers'][$i]['ssl_cert'] ='/path/to/server-cert.pem';
$cfg['Servers'][$i]['ssl_ca'] = 'ca.pem';
$cfg['Servers'][$i]['ssl_ca_path'] = '/path/to/';
$cfg['Servers'][$i]['ssl_ciphers'] = 'DHE-RSA-AES256-SHA';
$cfg['Servers'][$i]['ssl_verify'] = true;

现在用其它php程序正常使用,比如Nextcloud,我猜想也许是Nextcloud与MySQL间并没有采用SSL,还或者是phpMyAdmin这个PHP程序就是连不上MySQL的SSL方式呢?它可以在非SSL方式下连接进去MySQL的。

请问phpMyAdmin究竟是为什么无法登录呢?

阅读 3.7k
撰写回答
你尚未登录,登录后可以
  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进
推荐问题
宣传栏