I want to set up an encrypted connection from my Ubuntu Server to an Aurora Serverless MySQL with engine version 5.7; however, SSL seems to be disabled on the service by default.
show variables like '%ssl%';
| Variable_name | Value    |
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
This is unlike Aurora RDS where using SSL is pretty straightforward and enabled by default.
This is the error:
mysql -h <cluster-endpoint> -u <username> -p --ssl-ca=rds-ca-2019-us-east-1-bundle.pem
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
MySQL client version:
mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using EditLine wrapper
Parameter Group settings are default.
The error seems to be similar to the ones addressed here but the message is completely different.
https://aws.amazon.com/premiumsupport/knowledge-center/rds-error-2026-ssl-connection/
The TLS/SSL for Serverless documentation seems to suggest the usage is basically the same for RDS and Serverless.
I am pretty much a Database Noob, any troubleshooting help would be appreciated.
There are two important things you need to know about Aurora Serverless.
The use of SSL is highly recommended and it’s the first choice for establishing a new connection. So you don't need to do anything about that. You definitely don't need to download SSL/TLS certificates and in fact you shouldn't. Leave the rotation and management of certificates to Aurora. It makes your life simpler.
Based on the official documentation [1], checking have_openssl or have_ssl is not the right thing to validate that your connection uses SSL. You need to use the --ssl-mode parameter to validate that.
[1] https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.tls
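
An added example, not part of the answer above or of the AWS documentation: one way to check from the client whether the current session is encrypted, instead of reading have_ssl. It assumes the standard MySQL session status variables Ssl_cipher and Ssl_version and the 5.7 client's --ssl-mode=REQUIRED option; the function names and sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: judge encryption per session, not from the server-wide
# have_ssl / have_openssl variables.

# Read tab-separated rows of `SHOW SESSION STATUS LIKE 'Ssl%'` on stdin.
# A non-empty Ssl_cipher means this session negotiated TLS; an empty value
# means plaintext; a missing row means the check itself did not run.
tls_state() {
  awk -F'\t' '
    $1 == "Ssl_cipher"  { seen = 1; cipher = $2 }
    $1 == "Ssl_version" { version = $2 }
    END {
      if (!seen)             print "unknown"
      else if (cipher != "") printf "encrypted %s %s\n", version, cipher
      else                   print "plaintext"
    }'
}

# Connect with TLS required and report what the session negotiated.
# --ssl-mode=REQUIRED makes the client fail instead of falling back to
# plaintext, so a connect error is reported separately from "plaintext".
# $1 = cluster endpoint, $2 = user name (both supplied by the caller).
check_endpoint() {
  rows=$(mysql -h "$1" -u "$2" -p --ssl-mode=REQUIRED -N -B \
           -e "SHOW SESSION STATUS LIKE 'Ssl%'") || {
    echo "connection failed with --ssl-mode=REQUIRED" >&2
    return 1
  }
  printf '%s\n' "$rows" | tls_state
}

# Constructed sample rows (not captured from a real cluster).
sample_encrypted() {
  printf 'Ssl_cipher\tECDHE-RSA-AES256-GCM-SHA384\nSsl_version\tTLSv1.2\n'
}
sample_plaintext() {
  printf 'Ssl_cipher\t\nSsl_version\t\n'
}
```

Call it as `check_endpoint <cluster-endpoint> <username>`; the mysql client prompts for the password on the terminal.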