Enabling SSL

TimNooren

 

Hi all,

 

I've been trying to get SSL server-authentication to work on Vertica using generated keys. I followed this guide since it seems to give the most complete overview of the necessary steps: https://community.dev.hpe.com/t5/Vertica-Knowledge-Base/Using-SSL-Server-Authentication-with-Vertica-Validating-Your-SSL/ta-p/236965 .

 

I have generated the server key and certificate and used them to set the parameters SSLCertificate and SSLPrivateKey. I have also enabled SSL (EnableSSL = 1). Furthermore all the proposed checks seem to give the correct result.

 

Yet when I start vsql, I don't see the line:

 

"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256"

 

indicating that the SSL is successfully enabled. When I require SSL using the -m require argument I get:

 

"could not open certificate file "/home/dbadmin/.vsql/client.crt": No such file or directory"

 

even though I just want to enable server-authentication. As far as I'm aware a client certificate is not needed in this case.

 

Can anyone point me in the right direction as to what I'm doing wrong. It would be much appreciated.

 

SruthiA

Do you have root.crt in /home/dbadmin/.vsql directory

TimNooren

 

I do have root.crt in /home/dbadmin/.vsql. It is a copy of server.crt as the guide suggests:

 

"For the self-signed certificates, the root.crt is the same as the server.crt. cp ./server.crt ./root.crt"

 

Thank you for the quick reply.

SruthiA

Can you remove root.crt from  /home/dbadmin/.vsql directory and try again?