connect to vertica using tls
Hi,
I have two VMs (Vertica 9.2.0) on the same machine, in order to test TLS between them. I'm able to configure the TLS comm between the VMs and the external world; I can connect from outside using vsql or using JDBC. I'm having some problems.
1. **ImportExportTLSMode** TLS is enabled on both servers. I'm connecting to the first one (vsql). From this vsql I'm trying "connect to vertica" to connect to the other machine. In the log of the second machine I'm seeing that the connection is not over TLS and it's rejected. Is there any possibility to enforce the TLS connection? 9.2.1 has a new parameter called ImportExportTLSMode, but what about 9.2.0?
2. **Mutual Mode.** As already said, TLS works. For mutual mode we need to set SSLCA. I'm using the following command line:
adminTools -t set_ssl_params -d $dbname -k server.key -c server_signed.crt -a ca.pem
where -a ca.pem is the (self-signed) key used to sign server_signed.crt. Without the -a ca.pem parameter, the database can be started; with the added parameter I'm receiving the following error message:
vsql: SSL error: sslv3 alert handshake failure
Can you please help me?
Regards
Alex
Answers
TLS support for the Vertica IMPORT/EXPORT feature was introduced in Vertica 9.2.1.
See: https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/NewFeatures/9.2/9.2.1/SecurityAuthentication.htm
In 9.2.0 and below, when making the connection using CONNECT, Vertica attempted to use TLS, but fell back to plaintext for metadata.
As far as the "sslv3 alert handshake failure" error goes, maybe make sure that the file permissions for the certs are set correctly.
Step 4 here:
https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/Security/SSL/GeneratingCertificationsAndKeys.htm
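One way to check the files before passing them to set_ssl_params, as an added shell example (not part of the original thread and not Vertica's own tooling). It goes a little beyond the permission check suggested above and also confirms that the key matches the certificate and that the certificate verifies against the CA file. File names follow the post; the function names and the rule that the key must grant no access to group or others are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files given to set_ssl_params.
# Assumptions: function names are hypothetical; "no group/other access"
# is the permission rule applied to the private key; openssl is installed.

# Returns 0 when the file exists and grants nothing to group or others.
key_perms_ok() {
    [ -f "$1" ] || return 1
    # Mode string looks like "-rw-------"; characters 5-10 are group/other.
    mode=$(ls -lLd "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Returns 0 when the private key and the certificate hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when the certificate verifies against the CA certificate file.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# usage: check_tls_files server.key server_signed.crt ca.pem
check_tls_files() {
    rc=0
    key_perms_ok "$1" ||
        { echo "FAIL: $1 is missing or accessible by group/others"; rc=1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_chains_to_ca "$3" "$2" ||
        { echo "FAIL: $2 does not verify against $3"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: key permissions, key/cert pair and CA chain are consistent"
    fi
    return "$rc"
}

# Run the checks only when the three file names are given on the command line.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```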
We will soon migrate to 10, I will test it again later.