KX Community

Light_of_Heaven · ‎2019.05.31

Hello,

I configured TLS/SSL

q)(-26!)[]
SSLEAY_VERSION | OpenSSL 1.0.2n 7 Dec 2017
SSL_CERT_FILE | /tls/tls.crt
SSL_CA_CERT_FILE | /usr/lib/ssl/cacert.pem
SSL_CA_CERT_PATH | /usr/lib/ssl
SSL_KEY_FILE | /tls/tls.key
SSL_CIPHER_LIST | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..
SSL_VERIFY_CLIENT| NO
SSL_VERIFY_SERVER| YES

On kdb+ studio I get the attached error (see image).

On the server side I get a predictable '2019.06.01T00:39:36.192 TLS only

Where does my CA cert need to be placed? I have it in my keychain but it's not working.

Thanks

Sam_McMillen · ‎2019.06.04

Hi Tom,

Have you tried testing whether you can make a secure connection between a q session and the server? The commit message here has some instructions for configuring certs: https://github.com/CharlesSkelton/studio/commit/135b84cb6fdb26869d70af50bc9c204274c57f43

Regards

Sam

Light_of_Heaven · ‎2019.06.04

Thanks for the quick reply Sam.

I was able to fix it by a sudo keytool -importcert -alias dev -file /Users/homefolder/Downloads/certificate.cer -keystore /Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home/lib/security/cacerts

Needed to import the CA into the Java trusted CA file

Light_of_Heaven · ‎2019.06.04

As an extension of my previous question, now that I'm able to connect, whenever I run a query that takes longer then 30 seconds I get "Remote host terminated the handshake". When I open a terminal and try to communicate through IPC I get my handle closed on me. Any query shorter than around 30 seconds is fine. Does this have to do with the payload under TLS? It seems like TLS with KDB is black magic. Do you know why this is the case?

Picture attached.

Thanks,

Tom

KX Community

Adding CA Cert when using KDB+ Studio