Failed to initialize SSL
I have a test database that does not start because of an invalid SSLPrivateKey / SSLCertificate.
The following messages are in the log.
2018-07-30 13:30:26.007 Spread Client:7fb43c614700 @v_d2_node0001: VX001/6211: Could not load server private key from SSLPrivateKey config parameter: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
2018-07-30 13:30:26.007 Spread Client:7fb43c614700 @v_d2_node0001: VX001/3380: Failed to initialize SSL
LOCATION: doInstallAndJoin, /scratch_a/release/svrtar21434/vbuild/vertica/Transaction/TransAPI.cpp:3512
Since these parameters are loaded from the catalog, what is the antidote for resetting to non SSL and starting the database successfully ?
There is a mention of KM03014326 found with a google search on microfocus logo on it, but it is an invalid link / article attached to it. (https://softwaresupport.softwaregrp.com/kb/KM03014326)
Thanks.
Comments
Assuming you are running SSL Mutual Mode where the client needs certificate, key, and certificate authority files.
Turn off SSL in the database (example using vsql) set EnableSSL = 0:
and remove EnableSSL=true from you connection strings
You need to restart the database after the alter. Hope that helps
Hi Scott, The database is down ( could not be started after SSL cert was applied) , hence the error "Failed to initialize SSL" in the subject line. Therefore, we cannot use vsql on a down database. I am looking onto how to disable SSL on a downed database so that we could bring it up. Hope this makes sense and I hope this would benefit someone else as well. Having a down database is no fun for anyone. !
@colin_loghin - Which version of Vertica is this? Have you opened a Vertica Support Case yet?
This is vertica 8.1 . I have not opened a support case. Is this forum not worthwhile of an answer ? If i were a customer having this problem in the middle of the night , i would rather do a 2 sec. google search and find a cure rather than wake up vertica support engineers for a down vertica instance.
Vertica support engineers never sleep
Ha hah!
How are you starting the DB? With admintools? If so, can you post the output? If you aren't using admintools, can you try, then post the output?
Can you also post the contents of the vertica.conf file? It is located in the catalog directory (i.e. the same directory that contains the vertica.log file).
How many nodes are there in the test cluster?
Yes, I am starting the DB with admintools. It is a 1 node test database. The output from vertica.log ( i dont see anything relevant in admintools.log ) has been posted in the first comment of this post. vertica.conf is empty because the parameters are now read from the catalog and anything added into vertica.conf is ignored.
Any vertica experts here on this forum ? There must be a way to disable SSL on a downed database.
@colin_loghin - Send me your email address and I will help you.
My email address is james.knicely@microfocus.com.
@colin_loghin - Do you have a valid SSLPrivateKey and SSLCertificate info in files?
If so, you can change the DB settings via admintools:
[dbadmin@s18384357 ~]$ admintools -t set_ssl_params --help Usage: set_ssl_params [options] Options: -h, --help show this help message and exit -d DB, --database=DB Name of database whose parameters will be set -k KEYFILE, --ssl-key-file=KEYFILE Path to SSL private key file -c CERTFILE, --ssl-cert-file=CERTFILE Path to SSL certificate file -a CAFILE, --ssl-ca-file=CAFILE Path to SSL CA file -p DBPASSWORD, --password=DBPASSWORD Database password in single quotesExample:
Fyi... You can also clear the parameter with admintools.
Example:
I have the SSLPrivateKey param set:
[dbadmin@s18384357 ~]$ vsql -c "SELECT left(current_value, 25) FROM configuration_parameters WHERE parameter_name = 'SSLPrivateKey';" left --------------------------- -----BEGIN RSA PRIVATE KE (1 row)Now I will clear it! First I will shut down the DB so that I am in a similar situation as you (Downed node).
[dbadmin@s18384357 ~]$ admintools -t stop_db -d test_db Info: no password specified, using none Connecting to database Issuing shutdown command to database Database test_db stopped successfullyI created an empty file called clear_server.key. I will use that to clear the SSLPrivateKey Vertica parameter...
[dbadmin@s18384357 ~]$ cat clear_server.key [dbadmin@s18384357 ~]$ admintools -t set_ssl_params -k clear_server.key -d test_db Success. Change committed on a quorum of nodes. [dbadmin@s18384357 ~]$ admintools -t start_db -d test_db Info: no password specified, using none Starting nodes: v_test_db_node0001 (74.208.100.58) Starting Vertica on all nodes. Please wait, databases with a large catalog may take a while to initialize. Node Status: v_test_db_node0001: (DOWN) Node Status: v_test_db_node0001: (DOWN) Node Status: v_test_db_node0001: (DOWN) Node Status: v_test_db_node0001: (DOWN) Node Status: v_test_db_node0001: (UP) Database test_db: Startup Succeeded. All Nodes are UP [dbadmin@s18384357 ~]$ vsql -c "SELECT left(current_value, 25) FROM configuration_parameters WHERE parameter_name = 'SSLPrivateKey';" left ------ (1 row)It's cleared!
Clearing that parameter should let you start the DB.
This was the solution i was looking for. Tried it with single node cluster and worked well. Hope it works also for multi-node. Thank you Jim.