Amazon QuickSight
User Guide

I can't connect even though my data source connection options look right (SSL)

Problems connecting can occur when SSL is incorrectly configured. The symptoms can include the following.

  • You can connect to your database in other ways or from other locations.

  • You can connect to a similar database but not this one.

Rule out the following circumstances:

  • Permissions issues

  • Availability issues

  • Expired or invalid certificate

  • Self-signed certificate

  • Certificate chain in the wrong order

  • Ports not enabled

  • Firewall blocking IP

  • VPC or security group not configured correctly.

To help find issues with SSL, you can use an online SSL checker, or a tool like OpenSSL.

The following example walks through troubleshooting a connection where SSL is suspect. The administrator in this example has already installed OpenSSL.

  1. The user finds an issue connecting to his database. He verifies that he can connect a different database in another region. He checks other versions of the same database and he can connect easily.

  2. The administrator reviews the issue and decides to verify that the certificates are working correctly. She searches online for an article on using OpenSSL to troubleshoot or debug SSL connections

  3. Using OpenSSL, the administrator verifies the SSL configuration in the terminal.

    echo quit openssl s_client –connect <host>:port

    The result shows that the certificate is not working:

    ... ... ... CONNECTED(00000003) 012345678901234:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 278 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None Start Time: 1497569068 Timeout : 300 (sec) Verify return code: 0 (ok) ---
  4. The administrator corrects the problem by installing the SSL certificate on the user's database server.

Please see the following for more detail on the solution in this example: