Connecting to Prestodb

Get Help
1

Running into error Error setting up SSL: toDerInputStream rejects tag type 100 when adding Presto db (on localhost:8080) as a database on Metabase (on localhost:3000). I am able to run queries using presto-cli but unable to connect it with Metabase.

Screenshot 2023-05-31 at 1.55.50 PM
Screenshot 2023-05-31 at 1.55.50 PM1694×2048 200 KB

Error log:

2023-05-31 11:58:27,435 DEBUG middleware.log :: GET /api/database 200 4.6 ms (3 DB calls) App DB connections: 0/7 Jetty threads: 5/50 (2 idle, 0 queued) (99 total active threads) Queries in flight: 0 (0 queued)
2023-05-31 11:58:42,574 ERROR api.database :: Cannot connect to Database
clojure.lang.ExceptionInfo: Error setting up SSL: toDerInputStream rejects tag type 100 {:message "Error setting up SSL: toDerInputStream rejects tag type 100"}
	at metabase.driver.util$can_connect_with_details_QMARK_.invokeStatic(util.clj:159)
	at metabase.driver.util$can_connect_with_details_QMARK_.doInvoke(util.clj:132)
	at clojure.lang.RestFn.invoke(RestFn.java:442)
	at metabase.api.database$test_database_connection.invokeStatic(database.clj:677)
	at metabase.api.database$test_database_connection.doInvoke(database.clj:667)
	at clojure.lang.RestFn.invoke(RestFn.java:425)
	at metabase.api.database$fn__94961$test_connection_details__94966$fn__94967.invoke(database.clj:730)
	at metabase.api.database$fn__94961$test_connection_details__94966.invoke(database.clj:711)
	at metabase.api.database$fn__94994.invokeStatic(database.clj:749)
	at metabase.api.database$fn__94994.invoke(database.clj:735)
	at compojure.core$wrap_response$fn__42386.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__42370.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__42375.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__42379.invoke(core.clj:151)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__42379.invoke(core.clj:152)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398.invoke(core.clj:200)
	at metabase.server.middleware.auth$enforce_authentication$fn__86706.invoke(auth.clj:17)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398.invoke(core.clj:200)
	at compojure.core$make_context$handler__42426.invoke(core.clj:290)
	at compojure.core$make_context$fn__42430.invoke(core.clj:300)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$make_context$fn__42430.invoke(core.clj:301)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at metabase.api.routes$fn__98511$fn__98514.invoke(routes.clj:64)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398.invoke(core.clj:200)
	at clojure.lang.AFn.applyToHelper(AFn.java:160)
	at clojure.lang.AFn.applyTo(AFn.java:144)
	at clojure.core$apply.invokeStatic(core.clj:667)
	at clojure.core$apply.invoke(core.clj:662)
	at metabase.server.routes$fn__98672$fn__98673.doInvoke(routes.clj:70)
	at clojure.lang.RestFn.invoke(RestFn.java:436)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398.invoke(core.clj:200)
	at compojure.core$make_context$handler__42426.invoke(core.clj:290)
	at compojure.core$make_context$fn__42430.invoke(core.clj:300)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__42379.invoke(core.clj:153)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__42379.invoke(core.clj:153)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__42379.invoke(core.clj:153)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398$f__42399$respond_SINGLEQUOTE___42400.invoke(core.clj:197)
	at metabase.server.routes$fn__98657$fn__98659.invoke(routes.clj:47)
	at compojure.core$routes$fn__42398$f__42399.invoke(core.clj:198)
	at compojure.core$routes$fn__42398.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__95304.invoke(exceptions.clj:103)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__95301.invoke(exceptions.clj:91)
	at metabase.server.middleware.log$log_api_call$fn__100396$fn__100397$fn__100398.invoke(log.clj:216)
	at metabase.driver.sql_jdbc.execute.diagnostic$do_with_diagnostic_info.invokeStatic(diagnostic.clj:18)
	at metabase.driver.sql_jdbc.execute.diagnostic$do_with_diagnostic_info.invoke(diagnostic.clj:12)
	at metabase.server.middleware.log$log_api_call$fn__100396$fn__100397.invoke(log.clj:208)
	at toucan2.execute$do_with_call_counts.invokeStatic(execute.clj:112)
	at toucan2.execute$do_with_call_counts.invoke(execute.clj:103)
	at metabase.server.middleware.log$log_api_call$fn__100396.invoke(log.clj:207)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__103823.invoke(browser_cookie.clj:42)
	at metabase.server.middleware.security$add_security_headers$fn__79562.invoke(security.clj:153)
	at metabase.server.middleware.json$wrap_json_body$fn__102563.invoke(json.clj:67)
	at metabase.server.middleware.offset_paging$handle_paging$fn__79586.invoke(offset_paging.clj:45)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__102581.invoke(json.clj:103)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__104090.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__104109.invoke(params.clj:77)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__50518.invoke(misc.clj:61)
	at metabase.server.middleware.session$reset_session_timeout$fn__63863.invoke(session.clj:441)
	at metabase.server.middleware.session$bind_current_user$fn__63832$fn__63833.invoke(session.clj:336)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:315)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:304)
	at metabase.server.middleware.session$bind_current_user$fn__63832.invoke(session.clj:335)
	at metabase.server.middleware.session$wrap_current_user_info$fn__63813.invoke(session.clj:285)
	at metabase.server.middleware.session$wrap_session_id$fn__63796.invoke(session.clj:217)
	at metabase.server.middleware.auth$wrap_api_key$fn__86714.invoke(auth.clj:30)
	at ring.middleware.cookies$wrap_cookies$fn__104010.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__50500.invoke(misc.clj:29)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__50526.invoke(misc.clj:78)
	at ring.middleware.gzip$wrap_gzip$fn__104052.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__50529.invoke(misc.clj:95)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__103839.invoke(ssl.clj:41)
	at metabase.server$async_proxy_handler$fn__99162.invoke(server.clj:77)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:173)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
	at org.eclipse.jetty.server.Server.handle(Server.java:563)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
	at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:936)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1080)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.sql.SQLException: Error setting up SSL: toDerInputStream rejects tag type 100
	at com.facebook.presto.jdbc.PrestoDriverUri.setupClient(PrestoDriverUri.java:269)
	at com.facebook.presto.jdbc.PrestoDriver.connect(PrestoDriver.java:90)
	at metabase.plugins.jdbc_proxy$proxy_driver$reify__78880.connect(jdbc_proxy.clj:37)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:189)
	at clojure.java.jdbc$get_driver_connection.invokeStatic(jdbc.clj:271)
	at clojure.java.jdbc$get_driver_connection.invoke(jdbc.clj:250)
	at clojure.java.jdbc$get_connection.invokeStatic(jdbc.clj:411)
	at clojure.java.jdbc$get_connection.invoke(jdbc.clj:274)
	at clojure.java.jdbc$db_query_with_resultset_STAR_.invokeStatic(jdbc.clj:1111)
	at clojure.java.jdbc$db_query_with_resultset_STAR_.invoke(jdbc.clj:1093)
	at clojure.java.jdbc$query.invokeStatic(jdbc.clj:1182)
	at clojure.java.jdbc$query.invoke(jdbc.clj:1144)
	at clojure.java.jdbc$query.invokeStatic(jdbc.clj:1160)
	at clojure.java.jdbc$query.invoke(jdbc.clj:1144)
	at metabase.driver.sql_jdbc.connection$can_connect_with_spec_QMARK_.invokeStatic(connection.clj:302)
	at metabase.driver.sql_jdbc.connection$can_connect_with_spec_QMARK_.invoke(connection.clj:299)
	at metabase.driver.sql_jdbc.connection$can_connect_QMARK_$fn__50138.invoke(connection.clj:311)
	at metabase.driver.sql_jdbc.connection$do_with_connection_spec_for_testing_connection$fn__50120.invoke(connection.clj:287)
	at metabase.util.ssh$do_with_ssh_tunnel.invokeStatic(ssh.clj:141)
	at metabase.util.ssh$do_with_ssh_tunnel.invoke(ssh.clj:130)
	at metabase.driver.sql_jdbc.connection$do_with_connection_spec_for_testing_connection.invokeStatic(connection.clj:285)
	at metabase.driver.sql_jdbc.connection$do_with_connection_spec_for_testing_connection.invoke(connection.clj:281)
	at metabase.driver.sql_jdbc.connection$can_connect_QMARK_.invokeStatic(connection.clj:310)
	at metabase.driver.sql_jdbc.connection$can_connect_QMARK_.invoke(connection.clj:306)
	at metabase.driver.sql_jdbc$fn__105117.invokeStatic(sql_jdbc.clj:43)
	at metabase.driver.sql_jdbc$fn__105117.invoke(sql_jdbc.clj:41)
	at clojure.lang.MultiFn.invoke(MultiFn.java:234)
	at metabase.driver.util$can_connect_with_details_QMARK_$fn__46851.invoke(util.clj:144)
	at clojure.core$binding_conveyor_fn$fn__5823.invoke(core.clj:2047)
	at clojure.lang.AFn.call(AFn.java:18)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	... 1 more
Caused by: com.facebook.presto.jdbc.internal.client.ClientException: Error setting up SSL: toDerInputStream rejects tag type 100
	at com.facebook.presto.jdbc.internal.client.OkHttpUtil.setupSsl(OkHttpUtil.java:202)
	at com.facebook.presto.jdbc.PrestoDriverUri.setupClient(PrestoDriverUri.java:234)
	... 34 more
Caused by: java.io.IOException: toDerInputStream rejects tag type 100
	at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:886)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1974)
	at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at com.facebook.presto.jdbc.internal.client.OkHttpUtil.setupSsl(OkHttpUtil.java:169)
	... 35 more
2023-05-31 11:58:42,586 DEBUG middleware.log :: POST /api/database 400 14.3 ms (1 DB calls) 
{:message "Error setting up SSL: toDerInputStream rejects tag type 100"}
2

troubleshooting info?

3

I've encountered this issue and could use some help with it as well.

When setting up a secure connection to Presto, I used a certificate generated using the recommended commands from the secure Presto configuration documentation.

When configuring Metabase to connect to it, I received an error that led me to try converting the JKS file to PKCS12.

keytool -importkeystore -srckeystore presto-keystore.jks -destkeystore presto-keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass <password_here>

When attempting to connect to the Presto DB with the PKCS12, I see the same

Caused by: java.io.IOException: toDerInputStream rejects tag type 100
        at java.base/sun.security.util.DerValue.toDerInputStream(Unknown Source)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source)
        at java.base/java.security.KeyStore.load(Unknown Source)
        at com.facebook.presto.jdbc.internal.client.OkHttpUtil.setupSsl(OkHttpUtil.java:169)
        ... 35 more

I'm not much good with Java, nor certificates, so I had some difficulty deciphering what this error is telling me beyond that it doesn't like the cert. I believe this is the source code.

4

troubleshooting info?

5

I was able to resolve this issue by using my original Presto JKS and using the "Local File Path" option rather than using "Uploaded file path."