MySQL: Unable to establish SSL connection.

原创

nkgines 2022-08-23 15:57:06 博主文章分类：数据库系列 ©著作权

文章标签 ssl centos rpm mysql bash 文章分类 运维

©著作权归作者所有：来自51CTO博客作者nkgines的原创作品，请联系作者获取转载授权，否则将追究法律责任

参考 “CentOS 7 下安装mysql步骤”
使用 “wget + url” 获取 mysql-server rpm安装包时，出现如下异常提示：

Connecting to repo.mysql.com (repo.mysql.com)|223.119.236.209|:443... connected.

Unable to establish SSL connection.

查资料，通过指定参数免去验证过程。注意参数形式，否则仍旧不能正常访问 URL.

参数设置，其中注意 no 前 2 条横线

--no-check-certificate

-bash-4.2$ 
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm -no-check-certificate

wget: illegal option -- `-no'
Usage: wget [OPTION]... [URL]...

Try `wget --help'

-bash-4.2$ 
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm --no-check-certificate

https://repo.mysql.com//mysql57-community-release-el7-8.noarch.rpm
Resolving repo.mysql.com (repo.mysql.com)... 223.119.236.209
Connecting to repo.mysql.com (repo.mysql.com)|223.119.236.209|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9116 (8.9K) [application/x-redhat-package-manager]
Saving to: ‘mysql57-community-release-el7-8.noarch.rpm’

100%[======================================================================================================================>] 9,116       --.-K/s   in 0s      

2017-08-29 22:05:29 (44.5 MB/s) - ‘mysql57-community-release-el7-8.noarch.rpm’ saved [9116/9116]

最后，通过 man 命令查看 wget 命令参数.

-bash-4.2$ man wget
...
--no-check-certificate

1. Don't check the server certificate against the available certificate authorities.  Also don't require the URL host name to   match the common name presented by the certificate.
2. As of Wget 1.10, the default is to verify the server's   certificate against the recognized certificate authorities,   breaking the SSL handshake and aborting the download if the   verification fails.  Although this provides more secure downloads,   it does break interoperability with some sites that worked with   previous Wget versions, particularly those using self-signed,   expired, or otherwise invalid certificates.  This option forces an "insecure" mode of operation that turns the certificate verification errors into warnings and allows you to proceed.
3. If you encounter "certificate verification" errors or ones saying that "common name doesn't match requested host name", you can use this option to bypass the verification and proceed with the download.  Only use this option if you are otherwise convinced of the site's authenticity, or if you really don't care about the validity of its certificate.  It is almost always a bad idea not to check the certificates when transmitting confidential or

https://stackoverflow.com/questions/28757232/unable-to-establish-ssl-connection-upon-wget-on-ubuntu-14-04-lts