I will preface by saying I can connect to the DB instance when I'm not trying to go over SSL.
I am following this guide here
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Connect.html
I have ensured the db instance is public facing.
The security group of the VPC has the following rules:
Type Protocol Port Range Source
MySQL/Aurora (3306) TCP (6) 3306 my_ip_address/32
MySQL/Aurora (3306) TCP (6) 3306 sg-security_group_name
Where the security_group_name is the security group for my EC2 cluster.
I am using the cluser endpoint of my aurora cluster. And I've removed the port. I installed mysql on my machine using homebrew. This is the command I am trying from my local machine (macbook):
mysql -h blah-database-cluster.cluster-dfgdgfd.us-east-1.rds.amazonaws.com --ssl-ca=rds-ssl-ca-cert.pem --ssl-verify-server-cert
Where rds-ssl-ca-cert.pem is the file I downloaded from here:
http://s3.amazonaws.com/rds-downloads/rds-ssl-ca-cert.pem
I get the error:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
I have tried creating a new instance, rebooting etc and no joy. Does my security group need some kind of https rule?
Edit:
Further clue. When I run mysql --ssl locally it doesn't error. But when I do mysql show_variables, it says SSL false and the have_ssl and have_open_ssl variables don't exist. Could this be the problem? I installed the local mysql via homebrew package manager for mac.
New edit:
I re-installed mysql (previously from brew) and now direct from oracle and when I try to connect it gives a different error - SSL connection error: ASN: bad other signature confirmation