The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.

SSL setup authentication issue.

HI All
I am trying to SSL setup for mutual authentication. I am always getting the below issue.

2019-11-01 02:58:29.192 Init Session:0x7f93967fd700 @_node0001: 00000/4691: Sending SSL negotiation response 'S'
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: {SessionRun} 08006/4777: SSL initialization failure

Exectuing from vsql command .
Even i am able to see certificate and ssl enable with help of below commands
SELECT GET_CONFIG_PARAMETER('EnableSSL');
SELECT GET_CONFIG_PARAMETER('SSLPrivateKey');
SELECT GET_CONFIG_PARAMETER('SSLCertificate');
Note : Referred below link for setup .
https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/KafkaIntegrationGuide/TLS-SSL/KafkaTLS-SSLExamplePart2ConfigureVertica.htm?tocpath=Integrating with Apache Kafka|Using TLS/SSL Encryption with Kafka|_____6
Your early reply will be really appreciated. Thanks a lot in advance.
Thanks
Maneesh Kumar

Tagged:

Answers

  • SruthiASruthiA Employee

    It looks like a certificate issue or chain or if you have chain of certificates, those were not set appropriately. Please check the below link

    https://michaelheap.com/curl-35-error14094418ssl-routinesssl3_read_bytestlsv1-alert-unknown-ca

  • Even I again generated the certificate and now seeing different issue in vertica.log

    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: {SessionRun} 08006/4777: SSL initialization failure

  • SruthiASruthiA Employee

    Since you mentioned that are trying for mutual mode, you need to set SSLCA parameter as well, can you share me the output of the following

    select ssl_state from sessions;

  • edited November 2

    Thanks a lot for your reply .
    I am sharing command detail .
    dbadmin=> select ssl_state from sessions;

    ssl_state

    None
    None
    None
    None
    None
    (5 rows)
    Kindly help me how should I proceed?
    Even, I checked that SSL certificate, SSL private key & SSL enable and all are coming as per expectations .
    Checked with help of below command.
    select parameter_name, current_value, default_value from vs_configuration_parameters where parameter_name in ('EnableSSL','SSLCertificate', 'SSLPrivateKey');"

  • I observed that it's started work but the solution is very strange.
    I changed to root.crt certificate name to roor.crt certificate name in /home/dbadmin/vsql dirctory and it's worked.
    could you please let me know why is it?

  • SruthiASruthiA Employee

    Glad to know it is working. Reviewing logs will help us to understand root cause of the issue as in why it was not working earlier.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.