Obtaining a Certificate Chain
If you require certificates to be included in your root cert file and your DBA or IT staff has not provided them, you can often extract them yourself by using a web browser or the openssl application. If you do this, keep in mind that while it does no harm to include them, you do not need to include the leaf certificates in the file. You only need the intermediary certificates and, for ybsql connections, root certificates.
Export the chain of trust certs using Firefox
Firefox has the most convenient interface for exporting certificates to a file as it has an option to export the entire certificate chain with a single click.
- Click the lock icon next to the URL for the SMC login, then click the Connection secure expansion arrow.
- Click More Information to go to the "Page Info."
- Click Security, then View Certificate to see the certificates in the chain of trust.
- Click the PEM (chain) link, which generates the certificate bundle for the entire chain of trust.
Export the chain of trust certs using Chrome
You have to follow these steps for each certificate in the chain (unlike the Firefox procedure, where you can export the entire certificate chain at once).
- Click the lock icon next to the URL for the SMC login, then Certificate.
- Find all the certs that need to be exported by clicking Certification Path.
- For each cert to be exported, click Details. If the message says "This certificate is OK", click Copy to File.
- Follow the steps in the Certificate Export Wizard.
  - Select Base-64 encoded x.509 (.CER).
  - Specify the path and name of the cert file. The default locations and names are commonly used. For example:
    Linux: /.yellowbrick/root.cert
    Windows: %APPDATA%\yellowbrick\root.crt
  - Make sure you are not overwriting existing certificate information. If you already have a file, you should append the new certs to that file.
Export the chain of trust certs using openssl
To show all certificate information, including the metadata, run an openssl s_client command with the -showcerts option, piping in empty input so that the command exits after the handshake. For example:
$ echo -n | openssl s_client -connect yb007.nyc.yellowbrick.io:443 -showcerts
To show only the certificates themselves, run a command like this:
$ echo -n | openssl s_client -connect yb007.nyc.yellowbrick.io:443 -showcerts \
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yb007.pem
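As an added example (not part of the Yellowbrick documentation), the following shell functions take a saved -showcerts capture, skip the leaf certificate, and append the remaining certificates to an existing root cert file without overwriting it or adding duplicates. The function names and the sample capture are assumptions made for illustration; the sample uses constructed placeholder bodies, not real certificates.

```shell
#!/bin/sh
# pem_blocks FILE SKIP: print every PEM certificate in FILE after the first
# SKIP, one per line, with newlines folded to "|" so blocks can be compared.
pem_blocks() {
    awk -v skip="$2" '
        /-BEGIN CERTIFICATE-/ { inside = 1; block = "" }
        inside                { sub(/\r$/, ""); block = block $0 "|" }
        /-END CERTIFICATE-/   { if (inside && ++n > skip) print block; inside = 0 }
    ' "$1"
}

# append_chain CAPTURE TRUSTFILE: append the non-leaf certificates of an
# `openssl s_client -showcerts` capture (the leaf is printed first) to
# TRUSTFILE. Existing content is kept and certificates already present are
# skipped. Prints the number of certificates appended.
append_chain() {
    capture=$1; trust=$2; added=0
    touch "$trust"
    # Make sure the file ends with a newline before appending to it.
    if [ -s "$trust" ] && [ -n "$(tail -c 1 "$trust")" ]; then echo >> "$trust"; fi
    new=$(pem_blocks "$capture" 1)
    if [ -n "$new" ]; then
        while IFS= read -r block; do
            if ! pem_blocks "$trust" 0 | grep -Fxq -- "$block"; then
                printf '%s\n' "$block" | tr '|' '\n' | sed '/^$/d' >> "$trust"
                added=$((added + 1))
            fi
        done <<EOF
$new
EOF
    fi
    echo "$added"
}

# Constructed sample: the shape of s_client output, with placeholder bodies
# instead of real certificates (leaf, intermediate, root).
sample_capture() {
    for name in LEAF INTERMEDIATE ROOT; do
        printf ' s:CN=constructed-%s\n-----BEGIN CERTIFICATE-----\n' "$name"
        printf 'Q09OU1RSVUNURUQt%s\n-----END CERTIFICATE-----\n' "$name"
    done
}
```

s_client prints the certificates in the order the server sent them, and many servers do not send the root, so check that the resulting file contains every certificate you need.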