TLS authentication issue

dimitri_p
edited February 17 in General Discussion

These are the steps I have followed to set up TLS authentication from DBeaver to Vertica 12:

  1. Create server private key
  2. Create server CA certificate - ca_cert
  3. Create self-signed server certificate - server_cert
  4. ALTER TLS CONFIGURATION server CERTIFICATE server_cert;
  5. ALTER TLS CONFIGURATION server TLSMODE 'ENABLE';
  6. CREATE AUTHENTICATION auth_record METHOD 'tls' HOST TLS '0.0.0.0/0';
  7. GRANT AUTHENTICATION auth_record TO PUBLIC;
  8. Save ca_cert to a file and download it to the client
  9. Use keytool.exe to add ca_cert to a keystore
  10. Update DBeaver connection driver settings (tlsmode=verify-full, truststorepath, truststorepassword)

I end up getting

2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: 00000/10712: TLS Authentication Failed for the user: dbadmin
2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: 28000/6431: TLS authentication failed for user "dbadmin"
2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: {SessionRun} 28000/2248: Authentication failed for username "dbadmin"

The problem is that it is not telling me much. Is there any way I can get more information about the error, or do you see any apparent flaws in the steps above?

Update:
Connecting using vsql from the Vertica host looks like this:

[dbadmin@myhost ~]$ vsql
Welcome to vsql, the Vertica Analytic Database interactive terminal.

Type:  \h or \? for help with vsql commands
       \g or terminate with semicolon to execute query
       \q to quit

SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, protocol: TLSv1.2)

Update 2:

openssl s_client -tls1_2 -connect localhost:5433
CONNECTED(00000003)
139953380681616:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:


This discussion has been closed.