Error Code: 59
MySQL Error 59: SSL File Configuration Error
Description
This error indicates that MySQL encountered a problem while attempting to load or use an SSL/TLS certificate, key, or CA file. It typically occurs when SSL is enabled but there's an issue with the specified file paths, permissions, or the files themselves during server startup, client connection, or replication setup.
Error Message
SSL error: %s from '%s'.
Known Causes
Incorrect File Paths
The paths specified for the SSL certificate, key, or CA files in the MySQL configuration (my.cnf/my.ini) or connection string are misspelled or point to non-existent locations.
Insufficient File Permissions
The MySQL user account lacks the necessary read permissions for the SSL certificate, key, or CA files, preventing the server from accessing them.
Corrupted or Invalid SSL Files
The SSL certificate, private key, or CA files are corrupted, malformed, expired, or not valid for SSL/TLS operations.
Mismatched Certificate and Key
The specified SSL certificate and private key files do not correspond to each other, leading to a cryptographic mismatch.
Solutions
Solution 1: Verify SSL Certificate and Key File Paths (Difficulty: easy)
Ensure the paths to your SSL certificate, key, and CA certificate files are correctly specified in the MySQL configuration.

1. Locate your MySQL configuration file. This is typically `my.cnf` or `my.ini` on Linux/macOS or `my.ini` in the MySQL installation directory on Windows.
2. Open the configuration file in a text editor.
3. Look for the `[mysqld]` section and verify the following directives. Ensure the paths point to the actual locations of your SSL files.

   ```ini
   [mysqld]
   ssl_cert = /path/to/your/server-cert.pem
   ssl_key = /path/to/your/server-key.pem
   ssl_ca = /path/to/your/ca-cert.pem
   ```

4. If any paths are incorrect, update them to the correct locations.
5. Save the configuration file and restart the MySQL server.

   ```bash
   sudo systemctl restart mysql # For systemd-based systems
   # or
   sudo service mysql restart # For SysVinit-based systems
   # or
   # Restart via Services snap-in on Windows
   ```

Solution 2: Check SSL File Permissions (Difficulty: medium)
Confirm that the MySQL server process has read permissions for the SSL certificate and key files.

1. On Linux/macOS, identify the user that the MySQL server runs as. This is often `mysql`.

   ```bash
   ps aux | grep mysqld
   ```

2. Navigate to the directory containing your SSL files.
3. Use the `ls -l` command to check the permissions of the `server-cert.pem` and `server-key.pem` files.

   ```bash
   ls -l server-cert.pem server-key.pem
   ```

4. Ensure that the MySQL user has read permissions. For the private key (`server-key.pem`), it's crucial to restrict permissions further for security. A common setup is `600` or `640` for the key and `644` for the certificate.

   ```bash
   sudo chown mysql:mysql server-cert.pem server-key.pem
   sudo chmod 644 server-cert.pem
   sudo chmod 600 server-key.pem
   ```

5. On Windows, right-click on the SSL files, go to 'Properties' > 'Security' tab, and ensure the user account running the MySQL service has 'Read' permissions.
6. Restart the MySQL server after adjusting permissions.

   ```bash
   sudo systemctl restart mysql # For systemd-based systems
   # or
   sudo service mysql restart # For SysVinit-based systems
   # or
   # Restart via Services snap-in on Windows
   ```

Solution 3: Regenerate or Obtain Correct SSL Files (Difficulty: advanced)
If the SSL certificate or key files are corrupted, expired, or incorrectly generated, obtain or regenerate them.

1. If you are using self-signed certificates, consider regenerating them. Ensure you follow best practices for creating strong certificates and keys.

   ```bash
   # CA first, then a server key and CSR, then the server certificate signed by that CA (use different Common Names for the CA and the server)
   openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 -keyout ca-key.pem -out ca-cert.pem
   openssl req -newkey rsa:2048 -nodes -keyout server-key.pem -out server-req.pem
   openssl x509 -req -in server-req.pem -days 365 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
   ```

2. If you obtained certificates from a Certificate Authority (CA), verify that the files provided by the CA are correct and haven't been corrupted during transfer. Re-download them if necessary.
3. Ensure that the `server-cert.pem` and `server-key.pem` files correspond to each other. Mismatched keys and certificates are a common cause of SSL errors.
4. Update the paths in your MySQL configuration file (`my.cnf` or `my.ini`) to point to the newly generated or re-downloaded SSL files.

   ```ini
   [mysqld]
   ssl_cert = /path/to/your/new-server-cert.pem
   ssl_key = /path/to/your/new-server-key.pem
   ```

5. Restart the MySQL server.

   ```bash
   sudo systemctl restart mysql # For systemd-based systems
   # or
   sudo service mysql restart # For SysVinit-based systems
   # or
   # Restart via Services snap-in on Windows
   ```
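
The four known causes listed above (wrong path, missing read permission, invalid or expired file, certificate/key mismatch) can be checked in one pass before restarting the server. The script below is an added example, not part of the original page: the function name `check_mysql_tls` and its return codes are this example's own convention, and it assumes `openssl` is installed and the private key is unencrypted.

```bash
#!/bin/sh
# Added example: pre-flight check for the files named by ssl_cert, ssl_key and ssl_ca.
# check_mysql_tls and its return codes are this example's own convention:
#   0 ok | 2 missing path | 3 unreadable | 4 key mode too open
#   5 certificate unparsable or expired | 6 cert/key mismatch | 7 CA does not verify cert
# Assumes an unencrypted private key (generated with -nodes, as on this page).
check_mysql_tls() {
  cert=$1; key=$2; ca=$3
  for f in "$cert" "$key" "$ca"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    # -r tests the current user, so run this as the account mysqld runs as.
    [ -r "$f" ] || { echo "not readable by $(id -un): $f" >&2; return 3; }
  done
  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
  case "$mode" in
    400|440|600|640) ;;
    *) echo "key mode $mode is too open (want 600 or 640): $key" >&2; return 4 ;;
  esac
  # -checkend 0 fails when the certificate has expired or cannot be parsed.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate expired or invalid: $cert" >&2; return 5; }
  # A certificate and key belong together when they carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate and key do not match: $cert / $key" >&2; return 6
  fi
  # The CA file must be the issuer chain of the server certificate.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "$ca does not verify $cert" >&2; return 7; }
  echo "ok: $cert, $key and $ca are consistent"
}

# Run directly: sh check.sh server-cert.pem server-key.pem ca-cert.pem
if [ "$#" -eq 3 ]; then check_mysql_tls "$@"; fi
```

Run it as the MySQL service account (for example with `sudo -u mysql`), since root can read every file and would hide a permissions problem.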