Data 360: Error "Unable to connect to snowflake." when Creating Snowflake Connection in Data 360 Setup

Set Up a Snowflake Data Federation Connection outlines you should "not enter an encrypted private key". This error is most commonly encountered when using the wrong type of key.

The steps in the Snowflake documentation Key-pair authentication and rotation suggest using the following command to generate an unencrypted private key:

openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

When you open the key file generated with this command in a notepad it will contain the following header to indicate it is an unencrypted private key:

-----BEGIN PRIVATE KEY-------

If the header mentions "ENCRYPTED" or an encryption algorithm such as "RSA" then it will return an error when setting up the Snowflake connection. As detailed in Set Up a Snowflake Data Federation Connection, when you enter the key into the input, don’t include the lines containing BEGIN PRIVATE KEY at the start of the key and END PRIVATE KEY at the end.

If you are using an unencrypted private key and still see this error, create a case with Data 360 support for further assistance. 

For Token Expiry error, ensure that the JWT token has not expired. If the expiration time has lapsed, you may need to generate a new token.

Verify that the public key has been assigned correctly to the user in Snowflake. If the key is not correctly assigned, authentication will fail.

Also Review Data 360 IP Allowlist and update your allowlists.

In addition to updating the allowlists, please verify if the non-legacy Account URL being used while setting up the connection.

According to Snowflake documentation, the standard URL formats are:
Account Name URL: https://<orgname>-<account_name>.snowflakecomputing.com
Connection Name URL: https://<orgname>-<connectionname>.snowflakecomputing.com
Account Locator URL (Legacy Format - Not Recommended): https://<accountlocator>.<region>.<cloud>.snowflakecomputing.com