SSL certificates for connection #41
Comments
|
Here is an error on clickhouse side:
|
|
I've found where this error was fixed - ClickHouse/clickhouse-java#365 |
|
Hi @dzarlax, good job identifying the cause of the issue! 👏 In trying to make the driver work with Metabase 0.34, we will also be updating JDBC driver. Hopefully this will solve your SSL issue. If you want, you can try version 0.7-BETA. It is BETA because
|
|
@dzarlax did you try to connect using driver version 0.7.0? I personally do not have any experience setting up SSL connection between Metabase and ClickHouse. |
|
Finally YES, thanks a lot!! |
|
@dzarlax I invite you to share your experience with the community. Getting connection errors in Docker and local Metabase |
How can I help? |
|
@dzarlax What are the use of the SSL parameters to connect ClickHouse cluster in Yandex.Cloud? |
Hi. |
If still relevant, the certificate can be taken from the documentation (https://storage.yandexcloud.net/cloud-certs/CA.pem), and the parameters were specified above: |
|
All perfectly. I threw the certificate into docker and registered the parameters |
Where can I put this parameters? I don't see any "additional parameters" or etc to add them in metabase 0.43.3 and driver 0.8.1 |
Still have no idea how to configure ClickHouse database with setting an SSL certificate through UI =( |
|
@kartaris
My tests show no issues connecting to a secured ClickHouse instance with Basic TLS. I also verified that it works from the UI using the latest release (1.0.1). I run Metabase as a Docker container, and a sample docker-compose might look like this: metabase:
image: metabase/metabase:v0.45.1
container_name: metabase-with-clickhouse-driver
ports:
- '3000:3000'
volumes:
- '/absolute/path/to/clickhouse.metabase-driver.jar:/plugins/clickhouse.jar'
- '/absolute/path/to/ca.crt:/certs/ca.crt'So, the server cert is mounted as In the additional options input. Make sure that you have "Use secure connection (SSL)" ticked as well. |
Yep. I found the way to do it using API(by adding the
And as an example how it's done in PostgreSQL. User may set the path to the certificate and even upload it through API.
|
|
@kartaris what plugin version do you use? |
Sorry, my bad. I were using 0.8.1 version. Updated to 1.0.1 and now I see it can be done through UI. But it's not as clear as in PostgreSQL plugin |
Hi,
I'm trying to connect to Yandex.Cloud MDB Clickhouse from Metabase, but gets an error:
ru.yandex.clickhouse.except.ClickHouseUnknownException: ClickHouse exception, code: 1002, host: {host}, port: 8443; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetIn additional parameters I add:
ssl=true&sslrootсert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crtThe text was updated successfully, but these errors were encountered: