100688 〈TRUSTED〉

Instead of relying on auto-generated system certificates, use a manually configured Public Key Infrastructure (PKI) to ensure certificates do not change unexpectedly on service restarts.

Ensure that the ssl-ca , ssl-cert , and ssl-key variables in the MySQL configuration (e.g., my.cnf ) point to the correct, persistent certificate files. 100688

The issue is often triggered by how systemd services interact with automatically generated certificate files. When the service restarts, it may recreate or misconfigure the paths to these certificates, leading to a "handshake failure" or validation error. When the service restarts, it may recreate or

Because the system automatically manages these files upon restart, manual fixes like static file replacement are often overwritten or rendered ineffective. Recommended Resolutions This typically occurs because the system fails to

MySQL Bug #100688 identifies a problem where clients are unable to connect to a remote MySQL server when using certain public or CA-signed certificates. This typically occurs because the system fails to correctly validate the certificate chain when the server and client reside on different remote hosts.

To resolve this connectivity issue, administrators typically need to: