Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

SSL setup authentication issue.

HI All
I am trying to SSL setup for mutual authentication. I am always getting the below issue.

2019-11-01 02:58:29.192 Init Session:0x7f93967fd700 @_node0001: 00000/4691: Sending SSL negotiation response 'S'
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: 08V01/7244: Could not accept SSL connection (3): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
2019-11-01 02:58:29.196 Init Session:0x7f93967fd700 @_node0001: {SessionRun} 08006/4777: SSL initialization failure

Exectuing from vsql command .
Even i am able to see certificate and ssl enable with help of below commands
Note : Referred below link for setup . with Apache Kafka|Using TLS/SSL Encryption with Kafka|_____6
Your early reply will be really appreciated. Thanks a lot in advance.
Maneesh Kumar



  • It looks like a certificate issue or chain or if you have chain of certificates, those were not set appropriately. Please check the below link

  • Even I again generated the certificate and now seeing different issue in vertica.log

    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: 08V01/7244: Could not accept SSL connection (3): error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
    2019-11-01 12:43:53.357 Init Session:0x7fe726bf1700 @v_node0001: {SessionRun} 08006/4777: SSL initialization failure

  • Since you mentioned that are trying for mutual mode, you need to set SSLCA parameter as well, can you share me the output of the following

    select ssl_state from sessions;

  • edited November 2019

    Thanks a lot for your reply .
    I am sharing command detail .
    dbadmin=> select ssl_state from sessions;


    (5 rows)
    Kindly help me how should I proceed?
    Even, I checked that SSL certificate, SSL private key & SSL enable and all are coming as per expectations .
    Checked with help of below command.
    select parameter_name, current_value, default_value from vs_configuration_parameters where parameter_name in ('EnableSSL','SSLCertificate', 'SSLPrivateKey');"

  • I observed that it's started work but the solution is very strange.
    I changed to root.crt certificate name to roor.crt certificate name in /home/dbadmin/vsql dirctory and it's worked.
    could you please let me know why is it?

  • Glad to know it is working. Reviewing logs will help us to understand root cause of the issue as in why it was not working earlier.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.