On the MariaDB REPLICA, the setting MASTER_SSL_VERIFY_SERVER_CERT indicates whether the REPLICA should perform server certificate verification of the PRIMARY's certificate. Rationale: When establishing TLS connections, clients use certificate verification to authenticate the server as their intended peer in the connection. In this case, the REPLICA (client) should verify the PRIMARY's (server's) certificate to authenticate the PRIMARY prior to continuing the connection. Impact: When using CHANGE MASTER TO, be aware of the following: REPLICA processes need to be stopped by running STOP REPLICA prior to executing CHANGE MASTER TO Use of CHANGE MASTER TO starts new relay logs without keeping the old ones unless explicitly told to keep them When CHANGE MASTER TO is invoked, some information is dumped to the error log (previous values for MASTER_HOST, MASTER_PORT, MASTER_LOG_FILE, and MASTER_LOG_POS) Invoking CHANGE MASTER TO will implicitly commit any ongoing transactions in the session where the CHANGE MASTER TO was run, but not all ongoing transactions on the database.
Solution
To remediate this setting, you must use the CHANGE MASTER TO command. STOP REPLICA; -- required if replication was already running CHANGE MASTER TO MASTER_SSL_VERIFY_SERVER_CERT=1; START REPLICA; -- required if you want to restart replication Default Value: Disabled.