tag:blogger.com,1999:blog-7894042321258124702.post385535867044632960..comments2024-03-26T00:34:19.058-07:00Comments on MySQLHK: Secured MySQL InnoDB Cluster with Certificate creation using OpenSSLIvan Mahttp://www.blogger.com/profile/00687569372094397421noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-7894042321258124702.post-45386933108735868162022-11-16T17:55:29.030-08:002022-11-16T17:55:29.030-08:00Thanks for this great comment. The article has j...Thanks for this great comment. The article has just been modified to include your valuable info.Ivan Mahttps://www.blogger.com/profile/00687569372094397421noreply@blogger.comtag:blogger.com,1999:blog-7894042321258124702.post-9605821077324772352022-11-16T06:38:11.690-08:002022-11-16T06:38:11.690-08:00REQUIRE X509 is not really user authentication, bu...REQUIRE X509 is not really user authentication, but just CA validation of the client cert. <br /><br />I'd argue you'd need REQUIRE SUBJECT in your user grant authenticate a precise certificate is coming from the client. Router does not seem to play well with this concept: https://bugs.mysql.com/bug.php?id=108920Jay Janssenhttps://www.blogger.com/profile/07146539825543443554noreply@blogger.com