SSL setup authentication issue.
Hi All
I am trying to set up SSL for mutual authentication. I am always getting the below issue.
2019-11-01 02:58:29.192 Init Session:0x7f93967fd700 @_node0001: 00000/4691: Sending SSL negotiation response 'S'
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: {SessionRun} 08006/4777: SSL initialization failure
Executing from the vsql command.
Even so, I am able to see the certificate and that SSL is enabled with the help of the commands below:
SELECT GET_CONFIG_PARAMETER('EnableSSL');
SELECT GET_CONFIG_PARAMETER('SSLPrivateKey');
SELECT GET_CONFIG_PARAMETER('SSLCertificate');
Note: I referred to the link below for setup.
https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/KafkaIntegrationGuide/TLS-SSL/KafkaTLS-SSLExamplePart2ConfigureVertica.htm?tocpath=Integrating with Apache Kafka|Using TLS/SSL Encryption with Kafka|_____6
Your early reply will be really appreciated. Thanks a lot in advance.
Thanks
Maneesh Kumar
Answers
It looks like a certificate or chain issue; if you have a chain of certificates, those were not set appropriately. Please check the link below:
https://michaelheap.com/curl-35-error14094418ssl-routinesssl3_read_bytestlsv1-alert-unknown-ca
I generated the certificate again and am now seeing a different issue in vertica.log:
2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: {SessionRun} 08006/4777: SSL initialization failure
Since you mentioned that you are trying mutual mode, you need to set the SSLCA parameter as well. Can you share the output of the following?
select ssl_state from sessions;
Thanks a lot for your reply.
I am sharing the command details.
dbadmin=> select ssl_state from sessions;
ssl_state
None
None
None
None
None
(5 rows)
Kindly help me with how I should proceed.
I also checked the SSL certificate, SSL private key and SSL enable settings, and all are coming as per expectations.
Checked with the help of the command below.
select parameter_name, current_value, default_value from vs_configuration_parameters where parameter_name in ('EnableSSL','SSLCertificate', 'SSLPrivateKey');
I observed that it has started working, but the solution is very strange.
I changed the root.crt certificate name to roor.crt in the /home/dbadmin/vsql directory and it worked.
Could you please let me know why that is?
Glad to know it is working. Reviewing logs will help us to understand root cause of the issue as in why it was not working earlier.
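Added example (not posted by anyone in this thread and not Vertica tooling): a small triage script that reads vertica.log lines like the ones quoted above and reports which side of the TLS handshake rejected the connection. The hint text is an assumption based on what the two OpenSSL reason strings mean; the sample lines are the ones from this thread.

```python
import re

# Matches the OpenSSL error embedded in a vertica.log line:
#   error:<8 hex digits>:SSL routines:<function>:<reason>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) .*?"
    r"error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):(?P<reason>.+)$"
)

# Reason string -> (side that rejected the handshake, what to check).
# Hints are this example's reading of the OpenSSL reasons, not Vertica output.
HINTS = {
    "tlsv1 alert unknown ca": (
        "client",
        "The server received this alert from the client: the client could not "
        "chain the server certificate to a CA it trusts. Compare the CA in the "
        "client's root.crt with the issuer of the server's SSLCertificate.",
    ),
    "peer did not return a certificate": (
        "server",
        "The server asked for a client certificate (mutual mode) and got none. "
        "Check that the client presents a certificate and key, and that the "
        "server's SSLCA contains the CA that issued them.",
    ),
}

def triage(lines):
    """Return one finding per log line that carries an OpenSSL error."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an SSL error line
        reason = m["reason"].strip()
        side, check = HINTS.get(reason, ("unknown", "Look up the reason string."))
        findings.append({"time": m["ts"], "code": m["code"], "function": m["func"],
                         "reason": reason, "rejected_by": side, "check": check})
    return findings

# Sample input: the log lines quoted in this thread.
SAMPLE = [
    "2019-11-01 02:58:29.192 Init Session:0x7f93967fd700 @_node0001: 00000/4691: Sending SSL negotiation response 'S'",
    "2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca",
    "2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} rejected by {f['rejected_by']}: {f['reason']}\n  {f['check']}")
```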