Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
899 views
in Technique[技术] by (71.8m points)

mysql - Getting Mysql2::Error (SSL connection error: ASN: bad other signature confirmation) on Heroku App with AWS RDS

Mysql2::Error (SSL connection error: ASN: bad other signature confirmation):

I am making an administration site. The environment is Rails 4.2 and Ruby 2.2, connecting AWS RDS with Heroku server. I don't know why getting this error. It suddenly appeared. I can't find any errors other than this. Although I passed my codes two days ago, I got this error this time.(I haven't touched this code while the two days.) Do you come up with any ideas to solve this problem?

Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

For me, this had to do with the RDS SSL Certificate Rotation that happened on April 3rd, 2015.

However, in my case, just using the root certificate did not work, and I had to use a intermediate certificate for my region as well. Details:

  1. Go into the AWS rds console and reboot your RDS instance.
  2. Download the new root certificate https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem. Put it into the config directory of your app.

  3. Download the intermediate certificate for your database region here. I had to use the US east one, but you will have to pick the one for your region.

  4. This is the key step. You need to combine the intermediate certificate and the root certificate into one file so that the intermediate certificate is above the root certificate, forming a certificate chain. Open the intermediate certificate using a text editor, copy its contents, and paste them into config/rds-ca-2015-root.pem, on top, above the root cetrtificate. So, after you are done, config/rds-ca-2015-root.pem should be the intermediate certificate followed by the root certificate, all in this file.

  5. Get your current database url heroku config and then look for the DATABASE_URL property

  6. Update your database URL to use the new certificate file. All you should have to change is the name of the certificate (since its now called rds-ca-2015-root.pem)
    heroku config:add DATABASE_URL="mysql2://DB_NAME:DB_PASSWORD@DB_URL/DB_NAME?sslca=config/rds-ca-2015-root.pem"

  7. Commit the changes and redeploy to Heroku. Good luck!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...