【Posted】:2021-06-07 20:33:30
【Question】:
I am setting up a VPC endpoint for Snowflake PrivateLink. I am following https://docs.snowflake.com/en/user-guide/admin-security-privatelink.html and https://community.snowflake.com/s/article/Invalid-certificate-error-reported-for-PrivateLink-hosts.
After I configured the VPC endpoint and the Route 53 private hosted zone, I tested connectivity by provisioning an EC2 instance, SSHing into it and running the following commands:
- nslookup {my-account}.{region}.privatelink.snowflakecomputing.com, and I got
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
<my-account>.<region>.privatelink.snowflakecomputing.com canonical name = prod2-wildcard-1407098313.<region>.elb.amazonaws.com.
Name: prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name: prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name: prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
- I ran
SELECT SYSTEM$WHITELIST_PRIVATELINK(); and stored the result in whitelist.json, then ran snowcd whitelist.json, and I got
Error: x509: certificate is valid for *.<region>.snowflakecomputing.com, *.snowflakecomputing.com, *.global.snowflakecomputing.com, *.prod1.<region>.aws.snowflakecomputing.com, *.prod2.<region>.aws.snowflakecomputing.com, *.<region>.aws.snowflakecomputing.com, not <my-account>.<region>.privatelink.snowflakecomputing.com
- Then I ran curl -v ..privatelink.snowflakecomputing.com, and I got
* Server certificate:
* subject: CN=*.<region>.snowflakecomputing.com
* start date: Jul 21 00:00:00 2020 GMT
* expire date: Aug 21 12:00:00 2021 GMT
* subjectAltName does not match <my-account>.<region>.privatelink.snowflakecomputing.com
* SSL: no alternative certificate subject name matches target host name '<my-account>.<region>.privatelink.snowflakecomputing.com'
- Then I ran
sudo openssl s_client -connect <my-account>.<region>.privatelink.snowflakecomputing.com:443 -showcerts, and I got
depth=4 ...
verify return:1
depth=3 ...
verify return:1
depth=2 ...
verify return:1
depth=1 ...
verify return:1
depth=0 CN = *.<region>.snowflakecomputing.com
verify return:1
Does anyone know what I am missing here? Thanks
【Discussion】:
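The three failures above (snowcd, curl and openssl) all report the same thing: the chain verifies (verify return:1 at every depth), but the leaf certificate's subjectAltName list does not cover the PrivateLink hostname. The script below is an added example, not code from the question or from Snowflake. It implements the RFC 6125 hostname-matching rule that curl and Go's x509 package apply (a leading "*." matches exactly one DNS label), runs it over the SAN list copied from the x509 error in the question with the <region> and <my-account> placeholders kept literal, and shows why none of those wildcards can match a name with an extra "privatelink" label. The live_san_check function is an assumed helper that needs network access and is not exercised offline.

```shell
#!/usr/bin/env bash
# Added example: RFC 6125-style hostname matching against a certificate's SAN list.
# Not from the original post or from Snowflake.

# san_matches PATTERN HOST -> 0 if PATTERN covers HOST, 1 otherwise.
# Rules: exact case-insensitive match, or a single leading "*." wildcard that
# matches exactly one DNS label, so *.a.b matches x.a.b but NOT x.y.a.b.
san_matches() {
    local pattern host suffix prefix
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$pattern" = "$host" ] && return 0
    case "$pattern" in
        '*.'*)
            suffix=${pattern#\*.}
            prefix=${host%."$suffix"}          # strip ".suffix" from the end of host
            [ "$prefix" = "$host" ] && return 1  # host does not end in ".suffix"
            case "$prefix" in
                ''|*.*) return 1 ;;            # empty label, or more than one label left
                *)      return 0 ;;
            esac
            ;;
    esac
    return 1
}

# host_covered HOST SAN... -> prints the first SAN that covers HOST and returns 0,
# or prints nothing and returns 1.
host_covered() {
    local host="$1" san
    shift
    for san in "$@"; do
        if san_matches "$san" "$host"; then
            printf '%s\n' "$san"
            return 0
        fi
    done
    return 1
}

# SAN list copied from the x509 error in the question (placeholders kept literal);
# the hostname is the one the question tried to reach.
QUESTION_SANS=(
    '*.<region>.snowflakecomputing.com'
    '*.snowflakecomputing.com'
    '*.global.snowflakecomputing.com'
    '*.prod1.<region>.aws.snowflakecomputing.com'
    '*.prod2.<region>.aws.snowflakecomputing.com'
    '*.<region>.aws.snowflakecomputing.com'
)
QUESTION_HOST='<my-account>.<region>.privatelink.snowflakecomputing.com'

# question_host_is_covered -> 0 if any SAN in the error message covers the
# PrivateLink hostname. It does not: every wildcard would have to absorb the
# two labels "<my-account>.<region>" or "<my-account>.<region>.privatelink".
question_host_is_covered() {
    host_covered "$QUESTION_HOST" "${QUESTION_SANS[@]}"
}

# Assumed live helper (network required, not run offline): fetch the leaf
# certificate's SAN list with openssl s_client and compare it against the name
# we asked for, which is the check curl and snowcd perform internally.
live_san_check() {
    local host="$1" port="${2:-443}" sans
    sans=$(printf '' | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p')
    # shellcheck disable=SC2086
    host_covered "$host" $sans
}
```

Running question_host_is_covered fails, which is the same verdict the x509 error and curl's "no alternative certificate subject name matches" line express: a correctly configured PrivateLink endpoint has to present a certificate whose SAN list covers the privatelink hostname, and the one being served here does not. Because the chain itself is valid, adding a CA or skipping verification would be the wrong fix; the mismatch has to be resolved on the side that serves the certificate.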
-
This may be a silly question, but have you worked with Snowflake Support to set up PrivateLink on the Snowflake side?
Tags: snowflake-cloud-data-platform