Tim Dunphy wrote:
>>
>> The mysqld process runs as the mysql user. Its parent which is the
>> mysqld_safe runs as the root user. That being said the mysql user
>> needs to have at least read permission to the locations where the ssl files
>> are located. By default on Centos the /etc/pki/CA/private directory has
>> its directory permissions to only allow the root user. If the mysql user
>> cannot read all ssl files SSL will not work.
<snip>
> Thanks for your reply! That answer actually makes complete sense. Ok, so
> here is what I tried, so far without success. I gave the mysql group
> ownership of all related directories. And changed group permissions so
> that group can access them:
>
> [root at web2:/etc] #ls -ld /etc/pki/CA
> drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
> [root at web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
> drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
> drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private
>
> Restarted the mariadb service. And when I took another look at the SSL
> variable, it's still showing that SSL is not enabled:
<snip>

Some of those will *not* work. For example, you will have ssh issues
yourself if ~/.ssh is *anything* other than 700.

No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/certs and private.

      mark
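The following is an added example, not part of the original thread: a small shell audit that flags group- or other-writable PKI directories (the `drwxrwxr-x` case shown above) and checks whether a key file is readable through a group instead. The function names `audit_paths` and `group_can_read` are hypothetical helpers, the key file name in the usage comment is a placeholder, and GNU `stat` (as shipped on CentOS) is assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes GNU stat (coreutils).

# audit_paths PATH...
# Prints one line per path and returns 1 if any path is missing or has the
# write bit set for group or other (octal mask 022).
audit_paths() {
    bad=0
    for p in "$@"; do
        m=$(stat -c '%a' "$p" 2>/dev/null) || { echo "MISSING $p"; bad=1; continue; }
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "LOOSE   $p (mode $m): group or other can write"
            bad=1
        else
            echo "ok      $p (mode $m)"
        fi
    done
    return $bad
}

# group_can_read FILE GROUP
# Succeeds only if FILE is owned by GROUP and has the group read bit (040),
# i.e. a member of GROUP can read it without any directory being writable.
group_can_read() {
    info=$(stat -c '%G %a' "$1" 2>/dev/null) || return 2
    grp=${info% *}     # group name
    mode=${info#* }    # octal mode
    [ "$grp" = "$2" ] && [ $(( 0$mode & 040 )) -ne 0 ]
}

# Usage on the host from the thread (server.key is a placeholder file name):
#   audit_paths /etc/pki/CA /etc/pki/tls/certs /etc/pki/tls/private
#   group_can_read /etc/pki/tls/private/server.key mysql
if [ $# -gt 0 ]; then
    audit_paths "$@"
fi
```

Run against the directories listed in the thread, mode 775 is reported as LOOSE, while 755 passes.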