• When using the mysql 2.1.0 for cf cli, users encounter errors like below when connecting to databases:
  
  ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
FAILED
  
  NOTE: This plugin is not maintained by Broadcom developers, please submit problems with this plugin as issues in the mysql plugin repo directly
  
  
• Using the 2.0.0 version of the plugin succeeds with no errors.
• This problem occurs after replacing the /service/tls_ca certificate from Opsmanager (following the Tanzu for MySQL documented process).

This problem starts in the mysql plugin 2.1.0 for cf cli.

In version 2.1.0 of the mysql for cf cli plugin, there is a service key created against the MySQL tile service instance. This service key advertises a ca field which exposes the /service/tls_ca value that the broker was last deployed with. If the CA was rotated, but the broker wasn't updated/redeployed, the new service keys might have a stale ca value.

Use the steps detailed in the mysql for cf cli plugin documentation to remove the old service key. Then log back into the MySQL instance to regenerate the key and ingest the new CA value.