使用 AWS RDS 在 Heroku 应用程序上获取 Mysql2::Error(SSL 连接错误:ASN:其他签名确认错误)
Mysql2::Error(SSL连接错误:ASN:其他签名确认错误):
我正在制作一个管理网站.环境是Rails 4.2和Ruby 2.2,连接AWS RDS和Heroku服务器.我不知道为什么会出现这个错误.它突然出现.除了这个,我找不到任何错误.虽然我前两天通过了我的代码,但这次我出现了这个错误.(这两天我没有碰过这个代码.)
I am making an administration site. The environment is Rails 4.2 and Ruby 2.2, connecting AWS RDS with Heroku server. I don't know why getting this error. It suddenly appeared. I can't find any errors other than this. Although I passed my codes two days ago, I got this error this time.(I haven't touched this code while the two days.)
我该如何解决这个问题?
How can I solve this problem?
推荐答案
对我来说,这与 2015 年 4 月 3 日发生的 RDS SSL 证书轮换有关.
For me, this had to do with the RDS SSL Certificate Rotation that happened on April 3rd, 2015.
但是,就我而言,仅使用根证书是行不通的,而且我还必须为我所在的地区使用中间证书.详情:
However, in my case, just using the root certificate did not work, and I had to use a intermediate certificate for my region as well. Details:
进入 AWS rds 控制台并重启您的 RDS 实例.
Go into the AWS rds console and reboot your RDS instance.
下载新的根证书https:///s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem.将其放入应用的 config 目录中.
Download the new root certificate https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem. Put it into the config directory of your app.
为您的数据库区域下载中间证书此处.我不得不使用美国东部的一个,但你必须为你所在的地区选择一个.
Download the intermediate certificate for your database region here. I had to use the US east one, but you will have to pick the one for your region.
这是关键步骤.您需要将中间证书和根证书合并为一个文件,使中间证书在根证书之上,形成一个证书链.使用文本编辑器打开中间证书,复制其内容,并将它们粘贴到 config/rds-ca-2015-root.pem 中,在根证书上方的顶部.所以,完成后,config/rds-ca-2015-root.pem 应该是中间证书,然后是根证书,都在这个文件中.
This is the key step. You need to combine the intermediate certificate and the root certificate into one file so that the intermediate certificate is above the root certificate, forming a certificate chain. Open the intermediate certificate using a text editor, copy its contents, and paste them into config/rds-ca-2015-root.pem, on top, above the root certificate. So, after you are done, config/rds-ca-2015-root.pem should be the intermediate certificate followed by the root certificate, all in this file.
获取您当前的数据库网址
Get your current database url
heroku config
然后查找 DATABASE_URL 属性
and then look for the DATABASE_URL property
- 更新您的数据库 URL 以使用新的证书文件.您只需要更改证书的名称(因为它现在称为rds-ca-2015-root.pem)
heroku
config:add DATABASE_URL="mysql2://DB_NAME:DB_PASSWORD@DB_URL/DB_NAME?sslca=config/rds-ca-2015-root.pem"
- 提交更改并重新部署到 Heroku.
相关文章