Troubleshooting SSL Issues

This section identifies some common error conditions that may arise when you are setting up secure connections for Yellowbrick data warehouses.

"Server certificate...does not match hostname"

Most server certificates are based on host names. If you are using an SSL mode that requires trust, you need to know the correct host and domain name for the connection, not the IP address. Consider the following examples for a host named yb14.yellowbrick.io, using a wildcard cert where CN=*.slc.yellowbrick.io and verify-full SSL mode. The host name used in the connection must be a name in the domain and cannot be an IP address:

ybqsl "sslmode=verify-full sslrootcert=/mnt/c/ybd/my.pem host=10.10.114.10 dbname=yellowbrick user=yellowbrick"
ybsql: server certificate for "*.slc.yellowbrick.io" (and 1 other name) does not match host name "10.10.114.10"
..
ybsql "sslmode=verify-full sslrootcert=/mnt/c/ybd/my.pem host=yb14.yellowbrick.io dbname=yellowbrick user=yellowbrick"
ybsql: server certificate for "*.slc.yellowbrick.io" (and 1 other name) does not match host name "yb14.yellowbrick.io"

"root.crt does not exist"

If you are using an SSL mode that requires trust verification, you may see a message like this one:

ybsql: root certificate file "/home/user_1/.postgresql/root.crt" does not exist

To fix the problem, either provide the file or change the SSL mode to disable server certificate verification. Verify that your root.crt file is in the correct location and that you have adequate permissions on it. In particular, keep in mind that the location and names differ by operating system.

Linux, AIX, macOS:

~/.postgresql/root.cert

~/.yellowbrick/root.cert

Windows:

%APPDATA%\postgresql\root.crt

%APPDATA%\yellowbrick\root.crt

“SSL error: certificate verify failed”

This type of error occurs if you attempt to use an SSL mode that requires trust verification with an untrusted certificate, and you do not have the intermediary and/or root cert in your root cert file.

For example, a Yellowbrick data warehouse ships with a self-signed certificate so it is not trusted. Attempting a connection using an SSL mode of verify-ca results in an error:

ybsql "sslmode=verify-full sslrootcert=/~/my_root.pem host=yb.my.com dbname=dev user=me"
ybsql: SSL error: certificate verify failed

Configuring SSL/TLS for Tools and Drivers

Secure Connections for ODBC/JDBC Clients and ybsql

sys.lock

Bulk Load Examples

Running a Bulk Load

Loading Tables from Parquet Files

ybload Command

Loading from Amazon S3

Loading from Azure Blob Storage

Setting up and Running a Spark Job

Setting Up the ybrelay Service

LDAP Authentication

Synchronizing Users and Groups

Appliance: Disk Encryption

Setting Up Encrypted Drives

Remote Diagnostics

System Alerts

Creating an Alert Endpoint

Using the System Management Console

ybcli Reference

ybcli: config

AWS Marketplace

Create Stack

Docker

Cloud: Configuration

Vanity DNS

Yellowbrick Manager

Cloud: Enterprise Edition Getting Started

SQL-Based Loads from External Storage

Cloud: Installation

CLI Install Instructions

Permissions

Private Install Instructions

Public Install Instructions

Cloud: Kubernetes Guides

CREATE EXTERNAL FORMAT

CREATE EXTERNAL TABLE

CREATE TABLE

GRANT

Plan Hinting

SELECT

GROUP BY Clause

Subqueries

Data Type Casting

DECIMAL

JSON

JSONB

SQL String Constants

Aggregate Functions

Conditional Expressions

Datetime Functions

Formatting Functions

Geospatial functions

Mathematical Functions

Network Address Functions

Pattern Matching

Regular Expression Details

SQL Operators and Pattern Matching Functions

SQL Conditions

SQL User Defined Function (UDF)

SQL UDF Create Function

String Functions

ENCRYPT_KS

System Functions

Type-Safe Casting Functions

Window Functions

Creating WLM Resource Pools

Creating WLM Rules

Rule Examples

Troubleshooting SSL Issues ​

"Server certificate...does not match hostname" ​

"root.crt does not exist" ​

“SSL error: certificate verify failed” ​

Troubleshooting SSL Issues

"Server certificate...does not match hostname"

"root.crt does not exist"

“SSL error: certificate verify failed”