
Adding CA Cert when using KDB+ Studio

Light_of_Heaven
New Contributor
Hello,

I configured TLS/SSL

q)(-26!)[]
SSLEAY_VERSION   | OpenSSL 1.0.2n  7 Dec 2017
SSL_CERT_FILE    | /tls/tls.crt
SSL_CA_CERT_FILE | /usr/lib/ssl/cacert.pem
SSL_CA_CERT_PATH | /usr/lib/ssl
SSL_KEY_FILE     | /tls/tls.key
SSL_CIPHER_LIST  | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..
SSL_VERIFY_CLIENT| NO
SSL_VERIFY_SERVER| YES

On kdb+ studio I get the attached error (see image).


On the server side I get a predictable '2019.06.01T00:39:36.192 TLS only
 
Where does my CA cert need to be placed? I have it in my keychain but it's not working.

Thanks
3 REPLIES

Sam_McMillen
New Contributor
Hi Tom,

Have you tried testing whether you can make a secure connection between a q session and the server? The commit message here has some instructions for configuring certs: https://github.com/CharlesSkelton/studio/commit/135b84cb6fdb26869d70af50bc9c204274c57f43

Regards
Sam

Thanks for the quick reply Sam.

I was able to fix it by running sudo keytool -importcert -alias dev -file /Users/homefolder/Downloads/certificate.cer -keystore /Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home/lib/security/cacerts

Needed to import the CA into the Java trusted CA file

As an extension of my previous question, now that I'm able to connect, whenever I run a query that takes longer than 30 seconds I get "Remote host terminated the handshake". When I open a terminal and try to communicate through IPC I get my handle closed on me. Any query shorter than around 30 seconds is fine. Does this have to do with the payload under TLS? It seems like TLS with KDB is black magic. Do you know why this is the case?

Picture attached.

Thanks,
Tom
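
An added example, not part of the original posts or the Studio project: the keytool import described in the thread, done against a dedicated truststore instead of the JDK-wide cacerts file, followed by a fingerprint check that the stored entry is the certificate you meant to trust. The CA is a throwaway generated for the demo, and the file names, alias, password and the studio.jar name in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: dedicated Java truststore for a private CA (constructed demo values).
set -eu

# Import a CA certificate into a truststore, then print the SHA-256
# fingerprint keytool reports for the stored entry.
import_ca() {
  ic_file=$1; ic_store=$2; ic_alias=$3; ic_pass=$4
  keytool -importcert -noprompt -trustcacerts \
    -alias "$ic_alias" -file "$ic_file" \
    -keystore "$ic_store" -storepass "$ic_pass" >/dev/null 2>&1
  keytool -list -v -alias "$ic_alias" -keystore "$ic_store" -storepass "$ic_pass" \
    | awk '/SHA-?256:/ {print $NF; exit}'
}

# Fingerprint of the certificate file itself, computed independently with openssl.
file_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# End-to-end run on a throwaway self-signed CA; prints "match" when the
# truststore entry and the file carry the same fingerprint.
demo() {
  d_dir=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d_dir/ca.key" -out "$d_dir/ca.crt" 2>/dev/null
  d_stored=$(import_ca "$d_dir/ca.crt" "$d_dir/studio-trust.p12" dev changeit)
  d_onfile=$(file_fingerprint "$d_dir/ca.crt")
  rm -rf "$d_dir"
  [ "$d_stored" = "$d_onfile" ] && echo "match"
}

if [ "${1:-}" = "--demo" ]; then demo; fi

# Pointing a JVM client at the dedicated store (jar name is hypothetical;
# assumes the client uses the JVM default trust store, as the cacerts fix
# in the thread suggests). This replaces the default trust anchors for that
# process, so only servers signed by the imported CA will validate:
#   java -Djavax.net.ssl.trustStore=/path/to/studio-trust.p12 \
#        -Djavax.net.ssl.trustStorePassword=changeit -jar studio.jar
```

A separate truststore needs no sudo and is not lost when the JDK is upgraded or replaced, which is what happens to entries added to a JDK's own cacerts file.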