Determining the TLS/SSL Mode of a Vertica Database
When you configure TLS/SSL security in Management Console, you must configure the security mode to match what the Vertica database is configured to require: server mode or mutual mode. To find out how the Vertica database is configured:
- Open a command window.
- Log into the Vertica database.
- Enter the following vsql command:
select * from configuration_parameters where parameter_name ilike ‘%ssl%’
This command queries the configuration_parameters
table. It returns a list of the security parameters whose names contain the string 'ssl'. (For this exercise, ignore DataSSLParams.) By looking at the values of these parameters, you can determine whether TLS/SSL security is enabled on the Vertica database, and whether it is configured in server mode or mutual mode:
Parameter | Description |
---|---|
EnableSSL |
Controls whether the use of TLS/SSL is enabled or disabled on connections to the Vertica database.
|
SSLCA |
Indicates Vertica’s own certificate authority (CA). If this parameter is not empty, then it contains the contents of a root.crt file (ie. a PEM certificate) that Vertica trusts. If SSLCA is set (not NULL) on the server, that means the Vertica database server has TLS/SSL configured and the server will require that the client present a valid certificate, to gain access to the Vertica database. |
SSLCertificate |
Sets the SSL certificate. If TLS/SSL is enabled, this parameter contains the Vertica database server certificate, which the Vertica database server provides when asked by clients to verify itself. Includes the contents of the |
SSLPrivateKey |
The server's private key, visible only to dbadmin users. This parameter is set to the contents of the server.key file; it excludes the file name. |