Can't connect to Clickhouse using CA certificate

Completed

DataGrip cant't connect to yandex cloud clickhouse using ssl:
java.net.SocketException: Connection reset.

Where can I find more info about error and how to resolve it?

I'm able to connect via curl.

9 comments
Comment actions Permalink

If you go to Help -> Show log in... and open idea.log file you'll see more details about the error. Please share this file with me for investigation.

0
Comment actions Permalink

2020-06-10 15:53:14,140 [ 5879] INFO - .diagnostic.PerformanceWatcher - Unindexed files update took 187ms; general responsiveness: ok; EDT responsiveness: ok
2020-06-10 15:53:14,367 [ 6106] INFO - #com.intellij.AbstractBundle - Cannot load resource bundle from *.properties file, falling back to slow class loading: messages.PhpTBundle
2020-06-10 15:53:14,368 [ 6107] INFO - llij.ide.plugins.PluginManager - Cannot find plugin com.intellij.php.phpt resource-bundle: messages.PhpTBundle
2020-06-10 15:53:17,154 [ 8893] INFO - j.ide.plugins.RepositoryHelper - Couldn't load plugins from : java.net.MalformedURLException: Malformed URL:
2020-06-10 15:53:31,995 [ 23734] INFO - ution.rmi.RemoteProcessSupport - "C:\Program Files\JetBrains\PhpStorm 2020.1.1\jbr\bin\java" -Djava.net.preferIPv4Stack=true -Djava.rmi.server.hostname=127.0.0.1 -Duser.timezone=UTC -Dfile.encoding=UTF-8 -classpath "C:\Program Files\JetBrains\PhpStorm 2020.1.1\lib\util.jar;C:\Program Files\JetBrains\PhpStorm 2020.1.1\lib\trove4j.jar;C:\Program Files\JetBrains\PhpStorm 2020.1.1\lib\groovy-all-2.4.17.jar;C:\Program Files\JetBrains\PhpStorm 2020.1.1\plugins\DatabaseTools\lib\jdbc-console.jar;C:\Users\Aleksey\AppData\Roaming\JetBrains\PhpStorm2020.1\jdbc-drivers\ClickHouse\0.1.50\clickhouse-jdbc-0.1.50d.jar" com.intellij.database.remote.RemoteJdbcServer ru.yandex.clickhouse.ClickHouseDriver
2020-06-10 15:53:32,139 [ 23878] WARN - ution.rmi.RemoteProcessSupport - SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
2020-06-10 15:53:32,140 [ 23879] WARN - ution.rmi.RemoteProcessSupport - SLF4J: Defaulting to no-operation (NOP) logger implementation
2020-06-10 15:53:32,140 [ 23879] WARN - ution.rmi.RemoteProcessSupport - SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
2020-06-10 15:53:32,476 [ 24215] INFO - ution.rmi.RemoteProcessSupport - Port/ID: 55055/RemoteDriverImpl404dd845
2020-06-10 15:53:32,544 [ 24283] INFO - atabaseCredentialsAuthProvider - Connecting as: XXXXX
2020-06-10 15:53:32,545 [ 24284] INFO - .DatabaseConnectionEstablisher - Connecting to: jdbc:clickhouse://XXXXXXX.mdb.yandexcloud.net:8443/XXXXX
2020-06-10 15:53:32,576 [ 24315] INFO - ution.rmi.RemoteProcessSupport - Generated session_id: DataGrip_0594263d-ab6c-4610-8fee-8c1351f0ec62

1
Comment actions Permalink

Same problem for me. Trying to connect to Yandex.Cloud using this public certificate: https://storage.yandexcloud.net/cloud-certs/CA.pem

When using clickhouse-client everything works ok. This way:

$ curl --cacert cloud-certs/CA.pem 'https://XXXXXXXXXXX.mdb.yandexcloud.net:8443'
Ok.

Everything works fine too. But PyCharm does not connect and raises Connection reset error as if there is no certificate. The same error occurs if curl is called without --cacert option and https:// protocol:

$ curl 'XXXXXXXXXXXXX.mdb.yandexcloud.net:8443'
curl: (56) Recv failure: Connection reset by peer

The path to certificate is specified via CA File option on SSH/SSL tab of connection settings.

1
Comment actions Permalink

bryzgaloff, Sarento,

I filed an issue https://youtrack.jetbrains.com/issue/DBE-11048 based on your description.
Could you attach full IDE logs to the issue?

0
Comment actions Permalink

vasily chernov seems like it may contain some sensitive data. Could you please tell any exact thing you would like to see?

Here is the most useful and related part of the log I can see so far:

2020-06-23 00:20:10,582 [279486541]   INFO - ution.rmi.RemoteProcessSupport - /Applications/PyCharm.app/Contents/jbr/Contents/Home/bin/java -DsslCaCertPath=/Users/XXXXX/.ssh/yacloud-clickhouse.pem -Djava.rmi.server.hostname=127.0.0.1 -Duser.timezone=UTC -Dfile.encoding=UTF-8 -classpath "/Applications/PyCharm.app/Contents/lib/util.jar:/Applications/PyCharm.app/Contents/lib/trove4j.jar:/Applications/PyCharm.app/Contents/lib/groovy-all-2.4.17.jar:/Applications/PyCharm.app/Contents/plugins/DatabaseTools/lib/jdbc-console.jar:/Users/XXXXX/Library/Application Support/JetBrains/PyCharm2020.1/jdbc-drivers/ClickHouse/0.1.50/clickhouse-jdbc-0.1.50d.jar" com.intellij.database.remote.RemoteJdbcServer ru.yandex.clickhouse.ClickHouseDriver 
2020-06-23 00:20:10,906 [279486865] WARN - ution.rmi.RemoteProcessSupport - SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
2020-06-23 00:20:10,907 [279486866] WARN - ution.rmi.RemoteProcessSupport -
2020-06-23 00:20:10,907 [279486866] WARN - ution.rmi.RemoteProcessSupport - SLF4J: Defaulting to no-operation (NOP) logger implementation
2020-06-23 00:20:10,907 [279486866] WARN - ution.rmi.RemoteProcessSupport - SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
2020-06-23 00:20:11,270 [279487229] INFO - ution.rmi.RemoteProcessSupport - Port/ID: 5256/RemoteDriverImplc7579792
2020-06-23 00:20:11,379 [279487338] INFO - atabaseCredentialsAuthProvider - Connecting as: YYYYY
2020-06-23 00:20:11,379 [279487338] INFO - .DatabaseConnectionEstablisher - Connecting to: jdbc:clickhouse://ZZZZZ.mdb.yandexcloud.net:8443/XXXXX
2020-06-23 00:20:11,444 [279487403] INFO - ution.rmi.RemoteProcessSupport -
2020-06-23 00:20:11,496 [279487455] INFO - ution.rmi.RemoteProcessSupport - Generated session_id: DataGrip_cfe142b3-d4f1-4632-8e77-d8838a6dc47c
2020-06-23 00:20:11,497 [279487456] INFO - ution.rmi.RemoteProcessSupport - SSL MODE is VERIFY_CA

Need smth else? I see no errors. All the logs further are of such forms:

INFO - tPregeneratedSkeletonsProvider - Home path is /Applications/PyCharm.app/Contents
INFO - letons.PySkeletonGenerator$Run - _abc ('built-in')
0
Comment actions Permalink

BTW there is a public ClickHouse playground: https://clickhouse.tech/docs/ru/getting-started/playground/

And I cannot connect to it either:

On the SSH/SSL tab I checked «Use SSL» without any extra certificates provided and the above is the result (seems like no SSL is used in fact).

However, curl can connect through HTTPS:

$ curl https://play-api.clickhouse.tech:8443
Ok.

Maybe this it not directly related but I hope will help.

0
Comment actions Permalink

bryzgaloff,

>seems like it may contain some sensitive data. Could you please tell any exact thing you would like to see?

You can post logs in https://youtrack.jetbrains.com/issue/DBE-11048 and make it visible only for you and our team (jetbrains-team).

 


>BTW there is a public ClickHouse playground: https://clickhouse.tech/docs/ru/getting-started/playground/

IDE is working via JDBC driver which works upon https. I'll investigate the issue and thank you for playground.

0
Comment actions Permalink

vasily chernov, done. I have shared the logs with DataGrip Team since cannot find jetbrains-team.

0
Comment actions Permalink

Works for me starting from PyCharm 2020.2 (Professional Edition), Build #PY-202.6397.98. Thank everyone for the participation!

1

Please sign in to leave a comment.