MySQL SSL Key File


ssl_ctx_set_default_verify_paths failed

I’m having trouble getting the SSL Key File path to work. I’m on the latest version of Redash (6.0.0+b8537) upgraded from the image available in Google Compute Engine. When I try to add a MySQL datasource with an SSL key file I’m getting this error that pops up:

Here’s the setup I have in Redash:

And here are my permissions for the key files:

I’m assuming I’m missing something quite obvious, but I don’t know what it could be.

Technical details:

  • Redash Version: 6.0.0+b8537
  • Browser/OS: Chrome/Windows
  • How did you install Redash: Image from Google Compute Image.


Little update on what I’ve discovered. It looks like this error message isn’t coming from just local file permissions. It’s coming from communicating with the external database server. I tried connecting to a different IP address and I didn’t get that same error message. So, it’s possibly a firewall issue preventing some sort of handshake between the MySQL server and my Redash server. Will update if I make any more progress.


Are you using the image which uses Docker Compose? In this case, you will need to make this files available in the Docker container and not only in your host filesystem. Probably setup a VOLUME to share it with the containers.


I am, yes. I haven’t really done anything with Docker before, so I’m realizing this will be common for a few different items, like email integration for example. Looks like the defaults container’s DNS doesn’t recognize the SMTP server for Mailgun. I’ve got some direction now and I expect to get it to work, soon. Thanks.


I solved this issue. If anyone else encounters this, here’s what I did. I copied the needed ssl key files to /home/kevin on my host system. Then I edited docker-compose.yml file for the server container and added a volume that points back to this host directory. It looks like this:

command: server
  - "5000:5000"
  - /home/kevin:/sslcerts

Now in the datasources I can refer to the .pem files using the path /sslcerts/ca.pem (etc). I figured this out by looking at the postgres container and notices that it is referencing host files in a similar way. Hopefully this works for someone else, if need, too.