I am setting up SSL configuration for Vertica 9.2. Seeing "Failed to Initialize SSL" error.
Seeing the following error at startup and not able to start up the database.
host ['xx.xx.xx.xx'] report: @v_verticadb_node0001: VX001/3380: Failed to initialize SSL
LOCATION: doInstallAndJoin, /data/qb_workspaces/jenkins2/ReleaseBuilds/Grader/REL-9_2_0-x_grader/build/vertica/Transaction/TransAPI.cpp:5531
In vertica logs
2021-08-05 19:23:33.002 Spread Service InOrder Queue:7f40a3b4c700 @v_verticadb_node0001: VX001/6211: Could not load server private key from
SSLPrivateKey config parameter: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
These are the steps I followed to configure SSL
Extracted the certificate
openssl pkcs12 -in campaigns.com.pfx -clcerts -nokeys -out server.crt
Extracted the key
openssl pkcs12 -in campaigns.com.pfx -nocerts -out encrypted_server.key
openssl rsa -in encrypted_server.key -out server.key
Extracted Intermediate and Root certs
openssl x509 -in "Intermediate_Medium Enrollment CA-1A.cer" -out intermediate.crt
openssl x509 -in " EPKI PROD ROOT CA Cert.cer" -out root.crt
Appended the 3 certificates into chain.crt
cat intermediate.crt >> chain.crt
cat root.crt >> chain.crt
cat server.crt >> chain.crt
cp chain.crt server.crt
Add the cert and key to verticadb
admintools -t set_ssl_params -d verticadb -k ./server.key -c ./server.crt
admintools -t start_db -d verticadb
Please let me know if these steps are not correct.
Answers
There seems to be an issue with cert and/or key.
You can follow these steps below to validate them:
https://www.vertica.com/kb/TLS_Server_Auth/Content/BestPractices/TLS_Server_Auth.htm#ValidatingYourPrivateKeyandCertificate
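One way to run the key/certificate check suggested above, as an added example that is not part of the thread or the linked KB article: it compares the public key of the private key file with the public key of the first certificate in a PEM file, which is the only certificate `openssl x509` reads. In the question's steps `chain.crt` was built as intermediate, root, then server certificate and copied over `server.crt`, so the first certificate in that file is the intermediate. The function names are hypothetical, and it is an assumption that the server treats the first certificate in the file as its own.

```sh
#!/bin/sh
# Added example (not from the thread): check that a private key belongs to the
# FIRST certificate in a PEM file. Function names are hypothetical.

# Public key derived from the private key. "-passin pass:" makes an encrypted
# key fail immediately instead of prompting for a passphrase.
key_pub() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# Public key of the first certificate in the file; openssl x509 ignores any
# further certificates that follow it.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Subject of the first certificate, to see which certificate heads the file.
first_subject() { openssl x509 -in "$1" -noout -subject; }

# Subject and issuer of every certificate in the file, in file order.
list_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Exit status: 0 = key matches first certificate, 1 = mismatch,
# 2 = key or certificate could not be read.
key_matches_cert() {
    k=$(key_pub "$1") && [ -n "$k" ] || return 2
    c=$(cert_pub "$2") && [ -n "$c" ] || return 2
    [ "$k" = "$c" ]
}

# Usage: sh check_pair.sh server.key server.crt
if [ "$#" -eq 2 ]; then
    echo "First certificate in $2:"
    first_subject "$2"
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: key matches the first certificate" ;;
        1) echo "MISMATCH: key does not match the first certificate" ;;
        *) echo "ERROR: could not read key or certificate" ;;
    esac
    exit "$rc"
fi
```

A mismatch reported for a bundle whose server certificate is not first corresponds to the `X509_check_private_key:key values mismatch` error in the log above; `list_chain` shows the order of the certificates in the file.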
Reconfigured it following the above steps. I am able to start up the database, but it is not using SSL.
admintools -t set_ssl_params -d verticadb -k ./server.key -c ./server.crt -a ./root.cer
In this server.key - is the private key
server.crt - is the certificate
root.cer - is the intermediate and root cert
vsql -m require
vsql: SSL error: sslv3 alert handshake failure
vertica=> SELECT GET_CONFIG_PARAMETER('SSLPrivateKey');
GET_CONFIG_PARAMETER
(1 row)
Not seeing Private key.
Try running:
SELECT SECURITY_CONFIG_CHECK('NETWORK');