When using gpbackup to back up a Greenplum Database (GPDB) to S3 storage, it reports the following error:
x509: certificate signed by unknown authority
The output from the gpbackup command looks similar to the following:
[gpadmin@mdw gpadmin]$ gpbackup --dbname gpperfmon --plugin-config /home/gpadmin/gpbackup_##_######.conf
20211115:13:03:50 gpbackup:gpadmin:mdw:015897-[INFO]:-gpbackup version = 1.20.4
20211115:13:03:50 gpbackup:gpadmin:mdw:015897-[INFO]:-Greenplum Database Version = 6.12.1 build commit:7ec4678f29dd922d7d44501f5fc344b5d0d4d49f
20211115:13:03:50 gpbackup:gpadmin:mdw:015897-[INFO]:-Starting backup of database gpperfmon
20211115:13:03:51 gpbackup:gpadmin:mdw:015897-[INFO]:-Reading Plugin Config /home/gpadmin/gpbackup_##_#####.conf
20211115:13:03:52 gpbackup:gpadmin:mdw:015897-[CRITICAL]:-exit status 1:
20211115:13:03:52 gpbackup_s3_plugin:gpadmin:mdw:016711-[ERROR]:-RequestError: send request failed caused by: Put https://########.######.com:9021/gpperfmon/backups/20211115/20211115130350/gpbackup_20211115130350_report: x509: certificate signed by unknown authority
20211115:13:03:53 gpbackup:gpadmin:mdw:015897-[INFO]:-Found neither /usr/local/greenplum-db/./bin/gp_email_contacts.yaml nor /home/gpadmin/gp_email_contacts.yaml
20211115:13:03:53 gpbackup:gpadmin:mdw:015897-[INFO]:-Email containing gpbackup report /database/data01/master/gpseg-1/backups/20211115/20211115130350/gpbackup_20211115130350_report will not be sent
20211115:13:03:54 gpbackup:gpadmin:mdw:015897-[ERROR]:-ERROR: Plugin failed to process /database/data01/master/gpseg-1/backups/20211115/20211115130350/gpbackup_20211115130350_config.yaml.
20211115:13:03:54 gpbackup_s3_plugin:gpadmin:mdw:017072-[ERROR]:-RequestError: send request failed caused by: Put https://#########.#######.com:9021/gpperfmon/backups/20211115/20211115130350/gpbackup_20211115130350_config.yaml: x509: certificate signed by unknown authority
The Greenplum cluster does not have the root certification authority (CA) and cannot verify the S3 storage certificate.
This is probably because the certificate is self-signed.
Add the certificate for the root certification authority (CA) to one of the following files. Use the file associated with the Operating System running on the hosts in the cluster.
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
Note: The root certification authority (CA) needs to be added to the file on all hosts in the cluster. These include the master, standby master, and all segment hosts.
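
The step above has to be repeated on every host, so it helps if it is safe to run twice. The following script is an added example, not part of the original article or of gpbackup: it picks the first bundle file from the list above that exists on the host and appends the CA certificate only if it is not already there. The function names, the optional path prefix and the CA file path are assumptions made for the example.

```shell
#!/bin/sh
# Added example: idempotently add a root CA to this host's system bundle.

# Print the first bundle from the article's list that exists.
# $1 is an optional path prefix (assumption, used only for dry runs).
find_bundle() {
    for f in /etc/ssl/certs/ca-certificates.crt \
             /etc/pki/tls/certs/ca-bundle.crt \
             /etc/ssl/ca-bundle.pem \
             /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem; do
        [ -f "${1:-}$f" ] && { echo "${1:-}$f"; return 0; }
    done
    return 1
}

# Print one line per certificate: its base64 body with whitespace removed,
# so the same certificate matches regardless of line wrapping or CRLF.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { body = ""; on = 1; next }
         /-----END CERTIFICATE-----/   { if (on) print body; on = 0; next }
         on { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# Exit 0 if the first certificate in file $1 is already in bundle $2,
# 1 if it is not, 2 if $1 holds no certificate.
ca_in_bundle() {
    ca_body=$(pem_bodies "$1" | head -n 1)
    [ -n "$ca_body" ] || return 2
    pem_bodies "$2" | grep -qxF -e "$ca_body"
}

# Append CA file $1 to bundle $2 unless present; prints "added" or "present".
add_ca() {
    rc=0
    ca_in_bundle "$1" "$2" || rc=$?
    case $rc in
        0) echo present ;;
        1) cp -p "$2" "$2.bak"                                # keep the old bundle
           [ -z "$(tail -c 1 "$2")" ] || printf '\n' >> "$2"  # end with a newline
           cat "$1" >> "$2"
           echo added ;;
        *) echo "no certificate found in $1" >&2; return 2 ;;
    esac
}

# Usage on each host, as root (the CA path is a placeholder):
#   add_ca /path/to/root-ca.pem "$(find_bundle)"
```

Where the bundle file is generated by update-ca-trust or update-ca-certificates, a direct edit is overwritten the next time that tool regenerates the file, so re-run the check after system certificate updates.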