• Docs »
  • Diagnosing Common Connectivity Issues

Diagnosing Common Connectivity Issues

There are a variety of issues you could encounter while connecting to any online service, including Snowflake. For now, this topic focuses on issues with the certificate revocation list (CRL) or online certificate status protocol (OCSP) checks performed by Snowflake clients. As an integral component of securing communications, Snowflake clients verify the current validity of the signed Snowflake certificate issued by a trusted certificate authority (CA). If communication between the client and the CA or OCSP responder is blocked, an SSL error is generated.

Note also that all communication with Snowflake happens using port 443. If your workstation is behind a firewall, make sure that the network administrator for your organization has opened the firewall to traffic on port 443.

Verifying Communication with CA Site for CRL Check

Various network issues could prevent the Snowflake client from checking the validity of the certificate. One possibility for CRL checks is that your firewall is blocking access to the CA sites used by Snowflake.

Check whether you can reach a CA site used for a CRL check.

Windows

  1. Open a PowerShell window.

  2. Execute the following command. The The Invoke-WebRequest command sends an HTTP request to a web page or web service and returns a response.

    Invoke-WebRequest -Outfile crl_test.html http://crl.netsolssl.com/NetworkSolutionsOVServerCA2.crl
    

If the command returns an error, report the issue to your network administrator to diagnose the issue further.

Verifying Communication with OSCP Responder

To check whether access to the OCSP responder is blocked:

  1. In Google Chrome, log into your Snowflake account.

  2. Click the padlock (padlock) icon in the address bar, and click the Details button.

  3. Click the View Certificate button.

    OCSP certificate
  4. Locate the OCSP URI, and write it down.

Next, test your ability to access the OCSP URI.

Windows

  1. Open PowerShell on the host where the connectivity problem persists.

  2. Execute the following command:

    Invoke-WebRequest <ocsp_uri>
    

Linux/Mac

  1. Open a terminal on the host where the connectivity problem persists.

  2. Execute the following command:

    curl -I <ocsp_uri>
    
  • If the command returns an error, report the issue to your network administrator to diagnose the issue further.
  • If the command returns a status code other than 200, contact Snowflake Support at support@snowflake.net.