TLS authentication issue
These are the steps I have followed to set up TLS authentication from DBeaver to Vertica 12:
- Create server private key
- Create server CA certificate - ca_cert
- Create self-signed server certificate - server_cert
- ALTER TLS CONFIGURATION server CERTIFICATE server_cert;
- ALTER TLS CONFIGURATION server TLSMODE 'ENABLE';
- CREATE AUTHENTICATION auth_record METHOD 'tls' HOST TLS '0.0.0.0/0';
- GRANT AUTHENTICATION auth_record TO PUBLIC;
- save ca_cert to a file and download it to the client
- use keytool.exe to add ca_cert to a keystore
- update dbeaver connection driver settings (tlsmode=verify-full, truststorepath, truststorepassword)
I end up getting:
2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: 00000/10712: TLS Authentication Failed for the user: dbadmin
2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: 28000/6431: TLS authentication failed for user "dbadmin"
2025-02-17 06:18:23.068 Init Session:0x7f42557fd700 @v_xxxxxxxx_node0001: {SessionRun} 28000/2248: Authentication failed for username "dbadmin"
The problem is that it is not telling me much. Is there any way I can get more information about the error, or do you see any apparent flaws in the steps above?
Update:
Connecting using vsql from the Vertica host looks like this:
[dbadmin@myhost ~]$ vsql
Welcome to vsql, the Vertica Analytic Database interactive terminal.
Type: \h or \? for help with vsql commands
\g or terminate with semicolon to execute query
\q to quit
SSL connection (cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, protocol: TLSv1.2)
Update2:
openssl s_client -tls1_2 -connect localhost:5433
CONNECTED(00000003)
139953380681616:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
Answers
@dimitri_p: Please enable logging at the JDBC level and check the JDBC driver logs.
Sadly, I've tried that; it was just as useless as vertica.log. I don't remember exactly what it said, but it was something along the same lines as "tls authentication failed for user dbadmin" and a stack trace.
Please open a support case. We can review the issue on WebEx.
For those who found this while trying to solve their own issue, the solution was this:
change
CREATE AUTHENTICATION auth_record METHOD 'tls' HOST TLS '0.0.0.0/0';
to
CREATE AUTHENTICATION auth_record METHOD 'hash' HOST TLS '0.0.0.0/0';
i.e. from key-based to password-based authentication under TLS.
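The two server-side configurations side by side, as an added example that is not part of the original post or answers and not taken from Vertica's documentation. Section 2a is the password-over-TLS setup the thread ended with; section 2b is what the original METHOD 'tls' record needs in order to work, on the assumption (my reading of Vertica's model, not stated on this page) that the 'tls' method authenticates the client by the certificate it presents, so the server must trust the issuing CA, must request client certificates (TLSMODE 'TRY_VERIFY' or stricter rather than 'ENABLE'), and the certificate's CN must be the database user name. Key, certificate and authentication names other than ca_cert, server_cert and auth_record, the subject strings, the host name myhost.example.com, and the system-table column names are assumptions to be checked against the installed version. Apply 2a or 2b, not both.

```sql
-- Added example, not the original poster's statements. Assumes Vertica 12 DDL
-- syntax and that METHOD 'tls' means client-certificate authentication.
-- Illustrative names: ca_key, server_key, dbadmin_key, dbadmin_cert, auth_hash, auth_tls.

-- 1. CA and server certificate (the post's first three steps, with explicit names)
CREATE KEY ca_key TYPE 'RSA' LENGTH 2048;
CREATE CA CERTIFICATE ca_cert
    SUBJECT '/C=US/O=Example/OU=DBA/CN=Vertica Root CA'
    VALID FOR 3650
    EXTENSIONS 'nsComment' = 'root CA for the cluster'
    KEY ca_key;

CREATE KEY server_key TYPE 'RSA' LENGTH 2048;
CREATE CERTIFICATE server_cert
    -- CN must match the host name the client connects to for tlsmode=verify-full
    SUBJECT '/C=US/O=Example/OU=DBA/CN=myhost.example.com'
    SIGNED BY ca_cert
    EXTENSIONS 'nsComment' = 'server cert', 'extendedKeyUsage' = 'serverAuth'
    KEY server_key;

-- 2a. Password authentication over an encrypted channel (what fixed the post).
--     TLSMODE 'ENABLE': the server presents its certificate, the client never
--     has to present one, and the credential checked is the password hash.
ALTER TLS CONFIGURATION server CERTIFICATE server_cert TLSMODE 'ENABLE';
CREATE AUTHENTICATION auth_hash METHOD 'hash' HOST TLS '0.0.0.0/0';
GRANT AUTHENTICATION auth_hash TO PUBLIC;

-- 2b. Certificate authentication (what the post originally tried).
--     The server has to trust the CA that signs client certs and has to ask for
--     them during the handshake; 'ENABLE' never asks, so 'tls' has nothing to check.
ALTER TLS CONFIGURATION server
    CERTIFICATE server_cert
    ADD CA CERTIFICATES ca_cert
    TLSMODE 'TRY_VERIFY';

-- A client certificate for the dbadmin user: CN = database user name (assumed).
CREATE KEY dbadmin_key TYPE 'RSA' LENGTH 2048;
CREATE CERTIFICATE dbadmin_cert
    SUBJECT '/C=US/O=Example/OU=DBA/CN=dbadmin'
    SIGNED BY ca_cert
    EXTENSIONS 'nsComment' = 'client cert for dbadmin', 'extendedKeyUsage' = 'clientAuth'
    KEY dbadmin_key;

CREATE AUTHENTICATION auth_tls METHOD 'tls' HOST TLS '0.0.0.0/0';
GRANT AUTHENTICATION auth_tls TO dbadmin;

-- 3. Checks: confirm what the server will actually do before touching the client.
--    Column names are as I recall them from the system tables (assumption).
SELECT name, certificate, ca_certificate, mode
  FROM tls_configurations WHERE name = 'server';
SELECT auth_name, auth_method, auth_host_type, auth_host_address
  FROM client_auth;

-- 4. Material to ship to the client.
--    For 2a only the CA cert is needed (the truststore the post built with keytool);
--    for 2b the client additionally needs its certificate and private key in a keystore.
SELECT certificate_text FROM certificates      WHERE name = 'ca_cert';
SELECT certificate_text FROM certificates      WHERE name = 'dbadmin_cert';
SELECT key              FROM cryptographic_keys WHERE name = 'dbadmin_key';
```

The practical distinction for the DBeaver side: with 2a, tlsmode=verify-full plus a truststore holding ca_cert and the user's password is a complete client configuration; with 2b, a truststore alone is not enough, because the server is now expecting the client to present dbadmin_cert, and a client that presents no certificate fails authentication in exactly the way the log lines in the question show.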