Adding CA Cert when using KDB+ Studio

Hello,

I configured TLS/SSL

q)(-26!)[]
SSLEAY_VERSION   | OpenSSL 1.0.2n  7 Dec 2017
SSL_CERT_FILE    | /tls/tls.crt
SSL_CA_CERT_FILE | /usr/lib/ssl/cacert.pem
SSL_CA_CERT_PATH | /usr/lib/ssl
SSL_KEY_FILE     | /tls/tls.key
SSL_CIPHER_LIST  | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..
SSL_VERIFY_CLIENT| NO
SSL_VERIFY_SERVER| YES

On kdb+ studio I get the attached error (see image).


On the server side I get a predictable '2019.06.01T00:39:36.192 TLS only


Where does my CA cert need to be placed? I have it in my keychain but it’s not working.

Thanks

Hi Tom,

Have you tried testing whether you can make a secure connection between a q session and the server? The commit message here has some instructions for configuring certs: https://github.com/CharlesSkelton/studio/commit/135b84cb6fdb26869d70af50bc9c204274c57f43

Regards

Sam

Thanks for the quick reply Sam.

I was able to fix it by running sudo keytool -importcert -alias dev -file /Users/homefolder/Downloads/certificate.cer -keystore /Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home/lib/security/cacerts

Needed to import the CA into the Java trusted CA file

As an extension of my previous question, now that I’m able to connect, whenever I run a query that takes longer than 30 seconds I get “Remote host terminated the handshake”. When I open a terminal and try to communicate through IPC I get my handle closed on me. Any query shorter than around 30 seconds is fine. Does this have to do with the payload under TLS? It seems like TLS with KDB is black magic. Do you know why this is the case?

Picture attached.

Thanks,

Tom
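
A check related to the keytool fix in this thread, as an added example that is not part of the original posts: this Java program reports whether a given CA certificate is among the issuers accepted by the JVM's default truststore, which is the store a Java client consults by default rather than the macOS keychain. The class name CheckJvmTrust and the certificate path argument are assumptions for illustration.

```java
// Added example (not from the thread). Java 11+: java CheckJvmTrust.java /path/to/ca-certificate.cer
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CheckJvmTrust { // hypothetical class name
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java CheckJvmTrust.java <ca-certificate.cer|.pem>");
            System.exit(2);
        }

        // Parse the CA certificate (DER or PEM) that the server's chain should lead to.
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        ca.checkValidity(); // throws if the CA certificate is expired or not yet valid

        // init(null) loads the JVM default truststore: -Djavax.net.ssl.trustStore if set,
        // otherwise lib/security/jssecacerts, otherwise lib/security/cacerts.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        // Look for an exact match of the CA among the issuers this JVM accepts.
        boolean trusted = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate issuer : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (issuer.equals(ca)) { trusted = true; break; }
            }
        }

        System.out.println("Subject : " + ca.getSubjectX500Principal());
        System.out.println("Expires : " + ca.getNotAfter());
        System.out.println("Trusted by this JVM: " + trusted);
        System.exit(trusted ? 0 : 1);
    }
}
```

Run it with the same JDK that launches the client, since each JDK installation carries its own cacerts file and an import into one is not visible to another.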