revert certificate generation for mysql that only accept double signed certificates !?

gen-ssl.sh

@@ -24,6 +24,7 @@ main() {
   local fqdn="$1"
   local sslDir="$2"
   local cnfDir="$3"
+  local srvType="$4"
   [[ "${fqdn}" != "" ]] || print_usage
   [[ -d "${sslDir}" ]] || print_error "Directory does not exist: ${sslDir}"
 
@@ -71,16 +72,30 @@ main() {
   -nodes
 
   log "Generating X509 certificate"
-  openssl x509 \
-  -req \
-  -sha1 \
-  -set_serial 01 \
-  -CA "${caCertFile}" \
-  -CAkey "${caKeyFile}" \
-  -days 3650 \
-  -in "${csrFile}" \
-  -out "${certFile}"
-#  -extfile "${cnfDir}/server_cert_ext.cnf"
+  if [ "$srvType" == "mysql" ]  ; then
+    #for some reason, mysql only accept double signed certificates !?
+    openssl x509 \
+    -req \
+    -sha1 \
+    -set_serial 01 \
+    -CA "${caCertFile}" \
+    -CAkey "${caKeyFile}" \
+    -days 3650 \
+    -in "${csrFile}" \
+    -signkey "${keyFile}" \
+    -out "${certFile}"
+  else
+    openssl x509 \
+    -req \
+    -sha1 \
+    -set_serial 01 \
+    -CA "${caCertFile}" \
+    -CAkey "${caKeyFile}" \
+    -days 3650 \
+    -in "${csrFile}" \
+    -out "${certFile}" \
+    -extfile "${cnfDir}/server_cert_ext.cnf"
+  fi
 
   log "Generating client certificate"
   openssl req \

launch.sh

@@ -10,7 +10,7 @@ set -o pipefail
 generate_ssl () {
   ls -lrt /etc/ssl
   sudo mkdir -p /etc/ssl/mariadb
-  sudo /bin/bash $PROJ_PATH/gen-ssl.sh mariadb.example.com /etc/ssl/mariadb $PROJ_PATH
+  sudo /bin/bash $PROJ_PATH/gen-ssl.sh mariadb.example.com /etc/ssl/mariadb $PROJ_PATH/cert $TYPE
   sudo sh -c 'cat /etc/ssl/mariadb/ca.crt /etc/ssl/mariadb/server.crt > /etc/ssl/mariadb/ca_server.crt'
   sudo sh -c 'cat /etc/ssl/mariadb/ca.crt /etc/ssl/mariadb/client.crt > /etc/ssl/mariadb/ca_client.crt'
   export TEST_DB_SERVER_CERT=/etc/ssl/mariadb/ca_server.crt