Installing the FIPS Client Driver for ODBC and vsql

Vertica 9.3.x and 10.0.x do not support FIPS because of a limitation with OpenSSL. If you need FIPS support, install or upgrade to 10.1.1 or above.

If you install or upgrade from Vertica 9.2.x to Vertica 10.0. on a FIPS-enabled machine, you may encounter the following error: "Upgrading to Vertica 10.0.x-xxxxxxxx on a FIPS system is not supported." To resolve this, you must downgrade to Vertica 9.2.x: uninstall the Vertica RPM on every node in the cluster and then reinstallVertica 9.2.x.

Vertica 9.2.x offers a FIPS client for FIPS-compatible systems. A FIPS-compatible system is FIPS-enabled and includes the OpenSSL libraries.

The FIPS client supports ODBC and vsql and is offered in 64-bit only.


Verify that your host system is running a FIPS-compliant operating system that Vertica supports.

The FIPS client installer checks your host system for the value of the sysctl parameter, crypto.fips_enabled. You must set this parameter to 1 (enabled). If your host is not enabled, the client does not install.

For other prerequisites, related specifically to ODBC, see ODBC Prerequisites.

Installing the FIPS Client

To install the FIPS client driver package:

  1. Download the FIPS client package from the myVertica portal.
  2. Log in to the client system as root.
  3. Install the RPM package that you downloaded:

    # rpm -Uvh package_name.rpm  

For ODBC, once you have installed the client package, you need to create a DSN and set some additional configuration parameters. For more information, see:

You may also want to add the vsql client to your PATH environment variable so that you do not need to enter its full path to run it. To do so, add the following to the .profile file in your home directory or the global /etc/profile file:

export PATH=$PATH:/opt/vertica/bin

Client Searches for OpenSSL Libraries

When you launch the client application to connect to the server, the client searches for and loads the OpenSSL libraries and for supported OpenSSL versions:

  • The client first checks to see if LD_LIBRARY_PATH is set.
  • If the LD_LIBARY_PATH location does not include the libraries, it checks RunPath, either /opt/vertica/lib or within the ODBC or vsql directory structure (../lib).

The LD_LIBRARY_PATH, if set, directs the search path for the OpenSSL libraries. Be aware that the client loads the libraries from any set or preset LD_LIBRARY_PATH location.

The following figure depicts the search for the OpenSSL libraries: