SSL certificates for connection

[dzarlax]

Hi,
I'm trying to connect to Yandex.Cloud MDB Clickhouse from Metabase, but gets an error:

ru.yandex.clickhouse.except.ClickHouseUnknownException: ClickHouse exception, code: 1002, host: {host}, port: 8443; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In additional parameters I add:

ssl=true&sslrootсert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt

[dzarlax]

Here is an error on clickhouse side:

{ "component": "ServerErrorHandler", "hostname": "{host}", "message": "Poco::Exception. Code: 1000, e.code() = 0, e.displayText() = SSL Exception: error:14037416:SSL routines:ACCEPT_SR_KEY_EXCH:sslv3 alert certificate unknown (version 19.14.7.15 (official build)", "severity": "Error", "thread": "50", "query_id": "" }

[dzarlax]

I've found where this error was fixed - ClickHouse/clickhouse-java#365
Maybe JDBC should be updated. @enqueue

[enqueue]

Hi @dzarlax, good job identifying the cause of the issue! 👏 In trying to make the driver work with Metabase 0.34, we will also be updating JDBC driver. Hopefully this will solve your SSL issue. If you want, you can try version 0.7-BETA. It is BETA because

1. the code uses proprietary JDBC driver code
2. the driver does not pass all MetaBase integration tests, yet.

[enqueue]

@dzarlax did you try to connect using driver version 0.7.0? I personally do not have any experience setting up SSL connection between Metabase and ClickHouse.

[dzarlax]

Finally YES, thanks a lot!!

[vmoshikov]

@dzarlax I invite you to share your experience with the community. Getting connection errors in Docker and local Metabase

[dzarlax]

@dzarlax I invite you to share your experience with the community. Getting connection errors in Docker and local Metabase

How can I help?

[vmoshikov]

@dzarlax What are the use of the SSL parameters to connect ClickHouse cluster in Yandex.Cloud?
You use .pem or .crt file?

[JeroniMan]

Hi, I'm trying to connect to Yandex.Cloud MDB Clickhouse from Metabase, but gets an error:

ru.yandex.clickhouse.except.ClickHouseUnknownException: ClickHouse exception, code: 1002, host: {host}, port: 8443; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In additional parameters I add:

ssl=true&sslrootсert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt

Hi.
I have the same problem, thhx for prompt, but be careful in your parameter line - the seventeenth character ('c') is Cyrillic.

[JeroniMan]

@dzarlax What are the use of the SSL parameters to connect ClickHouse cluster in Yandex.Cloud? You use .pem or .crt file?

If still relevant, the certificate can be taken from the documentation (https://storage.yandexcloud.net/cloud-certs/CA.pem), and the parameters were specified above:
ssl=true&sslrootcert=/usr/local/share/ca-certificates/Yandex/CA.pem

[vmoshikov]

All perfectly. I threw the certificate into docker and registered the parameters
ssl=true&sslrootcert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt

[egorperesada]

All perfectly. I threw the certificate into docker and registered the parameters ssl=true&sslrootcert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt

Where can I put this parameters? I don't see any "additional parameters" or etc to add them in metabase 0.43.3 and driver 0.8.1

Ω

[kartaris]

All perfectly. I threw the certificate into docker and registered the parameters ssl=true&sslrootcert=/usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt

Where can I put this parameters? I don't see any "additional parameters" or etc to add them in metabase 0.43.3 and driver 0.8.1 Ω

Still have no idea how to configure ClickHouse database with setting an SSL certificate through UI =(
There is no such option.