Enabling SSL

 

Hi all,

 

I've been trying to get SSL server-authentication to work on Vertica using generated keys. I followed this guide since it seems to give the most complete overview of the necessary steps: https://community.dev.hpe.com/t5/Vertica-Knowledge-Base/Using-SSL-Server-Authentication-with-Vertica-Validating-Your-SSL/ta-p/236965 .

 

I have generated the server key and certificate and used them to set the parameters SSLCertificate and SSLPrivateKey. I have also enabled SSL (EnableSSL = 1). Furthermore all the proposed checks seem to give the correct result.

 

Yet when I start vsql, I don't see the line:

 

"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256"

 

indicating that the SSL is successfully enabled. When I require SSL using the -m require argument I get:

 

"could not open certificate file "/home/dbadmin/.vsql/client.crt": No such file or directory"

 

even though I just want to enable server-authentication. As far as I'm aware a client certificate is not needed in this case.

 

Can anyone point me in the right direction as to what I'm doing wrong. It would be much appreciated.

 

Comments

  • SruthiASruthiA Vertica Employee Administrator

    Do you have root.crt in /home/dbadmin/.vsql directory

  •  

    I do have root.crt in /home/dbadmin/.vsql. It is a copy of server.crt as the guide suggests:

     

    "For the self-signed certificates, the root.crt is the same as the server.crt. cp ./server.crt ./root.crt"

     

    Thank you for the quick reply.

  • SruthiASruthiA Vertica Employee Administrator

    Can you remove root.crt from  /home/dbadmin/.vsql directory and try again?

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file