Hello,
Having issue loading TLS certificates on windows machine, wondering if someone can help.
I have downloaded file cacert.pem and set ENV var SSL_CA_CERT_FILE pointing to this. When I am hitting kdb from outside api I get error
``TLS not enabled`
for (-26!) I have
SSLEAY_VERSION | OpenSSL 1.0.2p 14 Aug 2018SSL_CERT_FILE | /usr/local/ssl/server-crt.pemSSL_CA_CERT_FILE | ..\certpath\cacert.pemSSL_CA_CERT_PATH | ..\certpathSSL_KEY_FILE | /usr/local/ssl/server-key.pemSSL_CIPHER_LIST | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:..SSL_VERIFY_CLIENT| NOSSL_VERIFY_SERVER| YES
anyone know what I’m missing?
Thanks
Hi Roni,
did you start kdb+ with the cmd line option -E 1 or -E 2?
https://code.kx.com/q/ref/cmdline/#-e-tls-server-mode
kind regards,
Charlie
I did, except I get this error
5624:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:406:fopen('/usr/local/ssl/server-crt.pem','rb')5624:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:408:5624:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:.\ssl\ssl_rsa.c:701:'failed to load TLS certificates
it’s trying to load
/usr/local/ssl/server-crt.pem
does that exist?
there’s some example setup info here
https://code.kx.com/q/cookbook/ssl/
which kdb+ version/release on which os are you using?
Thanks Charles I got it now. Using windows I followed example to create cert files from https://code.kx.com/q/cookbook/ssl/