- Pivotal Greenplum (GPDB) 4.3.x
- OS RHEL 6.x
When running gpload with gpfdists protocol, it fails and gives the following error message:
[gpadmin@mdw ~]$ gpload -f /tmp/gpload.yaml
2016-12-05 16:56:20|INFO|gpload session started 2016-12-05 16:56:20
2016-12-05 16:56:20|INFO|started gpfdist --ssl /data/master/gpseg-1 -p 10008 -P 10009 -f "/tmp/gploadtest.txt" -t 30 -m 268435456
2016-12-05 16:56:24|ERROR|ERROR: connection with gpfdist failed for gpfdists://mdw:10008//tmp/gploadtest.txt. effective url: https://mdw:10008//tmp/gploadtest.txt. (seg12 slice1 sdw2:1029 pid=96784)
DETAIL: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The certificates are valid. However, they were generated on a server on which the time is set to about 20 minutes ahead of ETL servers running gpload.
So the error will be hit if the certificates are used immediately on ETL servers after being generated as the machine time was not in the valid period of certificates.
ETL node4 Date and Time (Where server certs are installed):
root@etl4 ~ $ date
Thu Dec 8 16:29:29 PST 2016
CA Authority Server Date and Time (From where certs are generated):
Thu Dec 8 16:50:57 PST 2016
Valid period of certificates:
Not Before: Dec 8 03:49:09 2016 GMT
Not After : Nov 14 03:49:09 2116 GMT
Synchronize time on server for generating certificate and all the severs on GPDB cluster. Better to synchronize with NPT servers.
For the example given in this article another try in about 20 minutes after generation of certificates, gpload command could complete successfully.