SSL setup authentication issue.

kontactmaneesh Community Edition User
edited November 2019 in General Discussion

Hi all,
I am trying to set up SSL for mutual authentication. I am always getting the issue below.

2019-11-01 02:58:29.192 Init Session:0x7f93967fd700 @_node0001: 00000/4691: Sending SSL negotiation response 'S'
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: {SessionRun} 08006/4777: SSL initialization failure

Executing from the vsql command.
I am even able to see the certificate and that SSL is enabled with the help of the commands below:
SELECT GET_CONFIG_PARAMETER('EnableSSL');
SELECT GET_CONFIG_PARAMETER('SSLPrivateKey');
SELECT GET_CONFIG_PARAMETER('SSLCertificate');
Note: I referred to the link below for setup.
https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/KafkaIntegrationGuide/TLS-SSL/KafkaTLS-SSLExamplePart2ConfigureVertica.htm?tocpath=Integrating with Apache Kafka|Using TLS/SSL Encryption with Kafka|_____6
Your early reply will be really appreciated. Thanks a lot in advance.
Thanks
Maneesh Kumar

Answers

  • SruthiA Vertica Employee Administrator

    It looks like a certificate or chain issue; if you have a chain of certificates, those were not set appropriately. Please check the link below.

    https://michaelheap.com/curl-35-error14094418ssl-routinesssl3_read_bytestlsv1-alert-unknown-ca

  • kontactmaneesh Community Edition User

    I generated the certificate again and am now seeing a different issue in vertica.log

    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: {SessionRun} 08006/4777: SSL initialization failure

  • SruthiA Vertica Employee Administrator

    Since you mentioned that you are trying mutual mode, you need to set the SSLCA parameter as well. Can you share the output of the following?

    select ssl_state from sessions;

  • kontactmaneesh Community Edition User
    edited November 2019

    Thanks a lot for your reply.
    I am sharing the command detail.
    dbadmin=> select ssl_state from sessions;
    ssl_state
    None
    None
    None
    None
    None
    (5 rows)
    Kindly help me with how I should proceed.
    I also checked the SSL certificate, SSL private key and SSL enable settings, and all are as expected.
    I checked with the help of the command below.
    select parameter_name, current_value, default_value from vs_configuration_parameters where parameter_name in ('EnableSSL','SSLCertificate', 'SSLPrivateKey');

  • kontactmaneesh Community Edition User

    I observed that it has started working, but the solution is very strange.
    I changed the root.crt certificate name to the roor.crt certificate name in the /home/dbadmin/vsql directory and it worked.
    Could you please let me know why that is?

  • SruthiA Vertica Employee Administrator

    Glad to know it is working. Reviewing the logs will help us to understand the root cause of the issue, as in why it was not working earlier.
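
Added example, not part of any post in this thread: a small triage script for the two vertica.log errors quoted above. It decodes the packed OpenSSL error code to tell whether the handshake was rejected by the connecting client (a TLS alert received by the server) or by a server-side check. It assumes the OpenSSL 1.x error-code layout (8-bit library, 12-bit function, 12-bit reason); the function names `decode` and `triage` are hypothetical, and the sample log is built from the lines posted in the thread.

```python
import re

# Constructed sample: the failure lines quoted in this thread's vertica.log excerpts.
SAMPLE_LOG = """\
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: {SessionRun} 08006/4777: SSL initialization failure
2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
"""

ERR_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+)$"
)

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
ALERT_OFFSET = 1000  # OpenSSL 1.x: reason >= 1000 means "alert received from the peer"


def decode(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def triage(log_text):
    """Return one finding per OpenSSL error line in a server-side log."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.match(line)
        if not m:
            continue  # lines without an OpenSSL error string carry no code to decode
        _, _, reason = decode(m["code"])
        if reason >= ALERT_OFFSET:
            alert = reason - ALERT_OFFSET
            origin = "client"  # in a server log, the alert came from the connecting client
            hint = (f"client sent TLS alert {alert} ({TLS_ALERTS.get(alert, 'other')}); "
                    "check the CA file the client uses to verify the server certificate")
        else:
            origin = "server"
            hint = (f"server-side check failed ({m['reason']}); "
                    "check the certificate the client presents and the server's CA setting")
        findings.append({"ts": m["ts"], "code": m["code"], "origin": origin,
                         "reason_num": reason, "hint": hint})
    return findings
```

For the first error the rejection originates on the client side, so the file to inspect is the CA certificate the client trusts, not the server's key or certificate parameters.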
