how to set "DataSSLParams" in vertica 9.3
I generated the Certificate Authority (CA) private key, public certificate, "serverca.crt" and "servercakey.pem" based on this link:
I run this query:
ALTER DATABASE mydb SET DataSSLParams =(
'-----BEGIN CERTIFICATE-----bnmhjhbvnghgjCx76S/b8iKPnbqxmq8dZKdA==-----END CERTIFICATE-----,
-----BEGIN CERTIFICATE-----MFHGHGFNGNe4CCQD7JL11nlk8fdvGnRew==-----END CERTIFICATE-----,
-----BEGIN RSA PRIVATE KEY-----MGHFGHGHGHGHAAKCAhiG4Uw==-----END RSAPRIVATE KEY-----,
-----BEGIN CERTIFICATE-----MIIDBjCGHGFHFGHGHCQ0BAQsFew==-----END CERTIFICATE-----');
and get this error:
SQL Error [3787] [22023]: [Vertica]VJDBC ROLLBACK: Invalid value for parameter
[Vertica]VJDBC ROLLBACK: Invalid value for parameter
I found that query in this links:
https://www.vertica.com/docs/9.3.x/HTML/Content/Authoring/Security/TLS/DataChannelTLS.htm?zoom_highlight=DataSSLParams
https://www.vertica.com/docs/9.3.x/HTML/Content/Authoring/Security/TLS/GeneratingCertificatesAndKeys.htm
And idea?
Vertica version 9.3
Answers
Try to run the command without parentheses around the value.
I do that before, but I still have the same error.
Use in one line:
SELECT SET_CONFIG_PARAMETER('DataSSLParams', '-----BEGIN CERTIFICATE----------END CERTIFICATE----------BEGIN CERTIFICATE----------END CERTIFICATE-----,-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----,-----BEGIN CERTIFICATE----------END CERTIFICATE-----');
Looks like you have an extra comma between first two certificates, try to remove it.
I'm getting same error "[Code: 3787, SQL State: 22023] [Vertica]VJDBC ROLLBACK: Invalid value for parameter" on Vertica 10.1 - tried all suggestion on this thread, no luck.
ALTER DATABASE DEFAULT SET PARAMETER DataSSLParams = '-----BEGIN CERTIFICATE-----<MIIDWDCCAkACFF1QkGWkM9Xggw4NME+MS=>-----END CERTIFICATE----------BEGIN CERTIFICATE-----<MIID3TCCAsWgAwIBAgIUX4MdQHK/+>-----END CERTIFICATE-----,-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----, -----BEGIN CERTIFICATE-----<MIID2TCCAsGgAwIBAgIUFTyv+>-----END CERTIFICATE-----';
Just wondering is it because of the issue with my certs/keys or is it with formatting of certs or syntax related?
How was @holakokhan resolved it?
Thanks
@hrao : Could you please open a support case to review this issue.