Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

Enabling SSL

 

Hi all,

 

I've been trying to get SSL server-authentication to work on Vertica using generated keys. I followed this guide since it seems to give the most complete overview of the necessary steps: https://community.dev.hpe.com/t5/Vertica-Knowledge-Base/Using-SSL-Server-Authentication-with-Vertica-Validating-Your-SSL/ta-p/236965 .

 

I have generated the server key and certificate and used them to set the parameters SSLCertificate and SSLPrivateKey. I have also enabled SSL (EnableSSL = 1). Furthermore all the proposed checks seem to give the correct result.

 

Yet when I start vsql, I don't see the line:

 

"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256"

 

indicating that the SSL is successfully enabled. When I require SSL using the -m require argument I get:

 

"could not open certificate file "/home/dbadmin/.vsql/client.crt": No such file or directory"

 

even though I just want to enable server-authentication. As far as I'm aware a client certificate is not needed in this case.

 

Can anyone point me in the right direction as to what I'm doing wrong. It would be much appreciated.

 

Comments

  • SruthiASruthiA Employee

    Do you have root.crt in /home/dbadmin/.vsql directory

  •  

    I do have root.crt in /home/dbadmin/.vsql. It is a copy of server.crt as the guide suggests:

     

    "For the self-signed certificates, the root.crt is the same as the server.crt. cp ./server.crt ./root.crt"

     

    Thank you for the quick reply.

  • Can you remove root.crt from  /home/dbadmin/.vsql directory and try again?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.