Eu usei:
# Generate a CA key and certificate with SHA1 digest
openssl genrsa 2048 > ca-key.pem;
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem;
# Create server key and certficate with SHA1 digest, sign it and convert
# the RSA key from PKCS #8 (OpenSSL 1.0 and newer) to the old PKCS #1 format
openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem;
openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem;
openssl rsa -in server-key.pem -out server-key.pem;
# Create client key and certificate with SHA digest, sign it and convert
# the RSA key from PKCS #8 (OpenSSL 1.0 and newer) to the old PKCS #1 format
openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem;
openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem;
openssl rsa -in client-key.pem -out client-key.pem;
para configurar o meu ssl (ubuntu 12.04). Minha configuração mysql contém:
[client]
ssl-cert=/etc/mysql/client-cert.pem
ssl-key=/etc/mysql/client-key.pem
[mysqld]
ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
Dê uma olhada em esta postagem para depurar o SSL. E este post para as mudanças no openssl (Ubuntu 10.04 - > 14.04).