Redshift SSL certificate validation fails for StorageLoader

rgabo · May 3, 2016, 1:22pm

We are trying to run StorageLoader with ssl_mode: disable (which should also be the default), but loading into the Redshift cluster fails with:

Loading Snowplow events and shredded types into analytics (Redshift cluster)...
Unexpected error: hostname does not match the server certificate (OpenSSL::SSL::SSLError)
/tmp/jruby3563532967324046283extract/jruby-stdlib-1.7.20.1.jar!/META-INF/jruby.home/lib/ruby/shared/jopenssl19/openssl/ssl-internal.rb:99:in `post_connection_check'

We are running R77 Great Auk and the Redshift cluster does not have force_ssl set. The certificate is supposed to be invalid as the CA is not trusted, but that should still allow StorageLoader to connect.

Ideas?

rgabo · May 3, 2016, 1:43pm

We realized that the issue was not with Redshift but rather S3 (hah!)

As StorageLoader tried to discover the Iglu schemas and jsonpaths, it retrieves those from https://iglu-bucket.s3.amazonaws.com. If iglu-bucket contains a ., SSL validation will fail. Our Iglu bucket name was an FQDN (because we use it as a static website as well) and SSL failed.

Leaving the issue here for others to benefit from

alex · May 3, 2016, 8:59pm

Thanks for following up with the fix @rgabo! That’s good to know.

Topic		Replies	Views
[IMPORTANT ALERT] AWS is replacing the SSL certificates for connecting to Redshift on 23rd October Open Source Alerts	4	1765	October 21, 2017
Load into Redshift fails from EC2 Storage targets	4	1460	May 15, 2017
RDB Loader fails loading data to Redshift when SSL is enabled Storage targets	6	1865	October 19, 2017
Storage Loader successful but not loading Redshift or Postgres DB Storage targets	4	1906	March 28, 2017
R90 storage loading problems Troubleshooting	9	2149	October 19, 2017

Redshift SSL certificate validation fails for StorageLoader

Related Topics