Vertica SSL Keystore configuration on DBeaver
How can I configure the keystore parameter in the DBeaver GUI (in user properties)?
For example like this on Prestodb:
https://techjogging.com/connect-dbeaver-presto-https-protocol.html
Because (as far as I know) I should pass the parameters only on the command line:
https://www.vertica.com/kb/DbeaverTT/Content/Partner/DbeaverTT.htm#UsingSSLSecurity
> dbeaver -vmargs -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_71\bin\verticassl" -Djavax.net.ssl.trustStorePassword=test123
Set ssl
This is the error log when I run it without command-line parameters:
Oct 12 18:08:33.112 INFO 2503 com.vertica.core.VConnection.connect: Connecting as dbadmin to picket on xxx.xxx.xxx.xxx:5433
Oct 12 18:08:33.115 INFO 2770 com.vertica.io.VStream.establishConnection: Establishing connection to /xxx.xxx.xxx.xxx, port 5433
Oct 12 18:08:33.135 DEBUG 2770 com.vertica.io.ProtocolStream.sendMessage: FE => [SSLRequest]
Oct 12 18:08:33.544 ERROR 2770 com.vertica.io.ProtocolStream.logAndConvertToNetworkException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.vertica.io.VStream.switchToTLS(Unknown Source)
at com.vertica.io.ProtocolStream.enableTLS(Unknown Source)
at com.vertica.io.ProtocolStream.initSession(Unknown Source)
at com.vertica.core.VConnection.tryConnect(Unknown Source)
at com.vertica.core.VConnection$TaskConnect.call(Unknown Source)
at com.vertica.core.VConnection$TaskConnect.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(Unknown Source)
at sun.security.validator.Validator.getInstance(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
... 12 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
at java.security.cert.PKIXParameters.<init>(Unknown Source)
at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
... 24 more
If it's possible, let me know the names of the parameters.
Because I defined two user properties the same as the command-line parameters, but it does not work.
Answers
Like this one for Elasticsearch:
https://stackoverflow.com/a/58263517/5065374
Maybe another option (dbeaver.ini) here?
https://github.com/dbeaver/dbeaver/issues/4341
Thanks for your reply @Jim_Knicely
But this is not a good idea, because I have multiple servers and I can't handle all of them with a single keystore file!
I'm looking for a method to configure each connection separately.
When creating a connection, can you try setting the following Driver properties?
Was just about to mention the same. With more recent Vertica JDBC drivers, truststore/keystore..... can be specified as properties.
https://www.vertica.com/docs/9.3.x/HTML/Content/Authoring/ConnectingToVertica/ClientJDBC/JDBCConnectionProperties.htm?zoom_highlight=jdbc truststorepath
Also, using TLSmode is preferred to the more limited SSL property.
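An added example, not part of the thread or of Vertica's or DBeaver's code: a per-connection check that a truststore actually contains a trusted certificate entry (the condition behind `the trustAnchors parameter must be non-empty`) before its path is passed to the driver as connection properties. The property names `TLSmode`, `TrustStorePath` and `TrustStorePassword` and the value `VERIFY_CA` are assumptions based on the Vertica JDBC connection-properties page linked above and should be confirmed for your driver version; the class name, password and temporary file are constructed.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;

public class VerticaTrustStoreCheck {

    // Counts trusted-certificate entries; zero means PKIX has no trust anchors.
    static int trustAnchorCount(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) count++;
        }
        return count;
    }

    // Builds the driver properties for one connection with its own truststore.
    static Properties tlsProperties(String trustStore, String password) throws Exception {
        if (trustAnchorCount(trustStore, password.toCharArray()) == 0) {
            throw new IllegalStateException(trustStore + " contains no trusted certificates");
        }
        Properties p = new Properties();
        p.setProperty("TLSmode", "VERIFY_CA"); // assumed value; confirm for your driver
        p.setProperty("TrustStorePath", trustStore);      // assumed property name
        p.setProperty("TrustStorePassword", password);    // assumed property name
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty truststore, the condition behind the error.
        String password = "placeholder-password";
        File file = File.createTempFile("empty-truststore", ".jks");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = new FileOutputStream(file)) {
            empty.store(out, password.toCharArray());
        }
        try {
            tlsProperties(file.getPath(), password);
        } catch (IllegalStateException e) {
            System.out.println("Rejected before connecting: " + e.getMessage());
        } finally {
            file.delete();
        }
    }
}
```

Calling `tlsProperties` once per server, each with its own truststore file, gives every connection a separate set of trust anchors instead of one JVM-wide `javax.net.ssl.trustStore`.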
Hello,
If you are trying to make multiple database connections, please follow the below steps:
After generating the server.crt.der from the database, you need to perform the below actions in DBeaver.
First connection:
"Keytool.exe -keystore verticassl -keypasswd -storepass test123 -importkeystore -noprompt -alias verticasql -import -file server.crt.der"
For the second connection, change the alias name:
"Keytool.exe -keystore verticassl -keypasswd -storepass test123 -importkeystore -noprompt -alias verticasql_2 -import -file server.crt.der"
Suppose you are getting the error beaver in the command prompt. Please follow the below steps.
Find the dbeaver.ini file and add like below and open the dbeaver directly.