Enabling SSL


Hi all,


I've been trying to get SSL server-authentication to work on Vertica using generated keys. I followed this guide since it seems to give the most complete overview of the necessary steps: https://community.dev.hpe.com/t5/Vertica-Knowledge-Base/Using-SSL-Server-Authentication-with-Vertica-Validating-Your-SSL/ta-p/236965 .


I have generated the server key and certificate and used them to set the parameters SSLCertificate and SSLPrivateKey. I have also enabled SSL (EnableSSL = 1). Furthermore all the proposed checks seem to give the correct result.


Yet when I start vsql, I don't see the line:


"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256"


indicating that the SSL is successfully enabled. When I require SSL using the -m require argument I get:


"could not open certificate file "/home/dbadmin/.vsql/client.crt": No such file or directory"


even though I just want to enable server-authentication. As far as I'm aware a client certificate is not needed in this case.


Can anyone point me in the right direction as to what I'm doing wrong. It would be much appreciated.



  • Options
    SruthiASruthiA Vertica Employee Administrator

    Do you have root.crt in /home/dbadmin/.vsql directory

  • Options


    I do have root.crt in /home/dbadmin/.vsql. It is a copy of server.crt as the guide suggests:


    "For the self-signed certificates, the root.crt is the same as the server.crt. cp ./server.crt ./root.crt"


    Thank you for the quick reply.

  • Options
    SruthiASruthiA Vertica Employee Administrator

    Can you remove root.crt from  /home/dbadmin/.vsql directory and try again?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file