When trying to connect to an LDAP/AD service over SSL or to a web service with custom SSL certificate, you receive the following error:
PKIX path building failed SunCertPathBuilderException: unable to find valid certification path to requested target
The error is related to the Java Virtual Machine (JVM) in which Datameer is running. This issue might be caused by a missing or incorrect certificates in JVMs
keystore or a recent security update.
1) If this is the first time you have seen the error, review our documentation regarding Connecting to an LDAP/Active Directory service over SSL, Custom SSL Configurations, and Custom certificates for Java JVM.
2) If you have seen this error before, consider the following questions:
- Which Certificate Authority (CA) does it use?
- Was it your own?
- Do you know if the certificate or authority became revoked recently?
3) Check your Java
keystore and the currently installed certificates.
The following commands can help you narrow down the cause:
- Check a stand-alone certificate
keytool -printcert -v -file <mydomain.crt>
- Check which certificates are within the Java
keytool -list -v -keystore </path-to-java/keystore>
- Check a particular
keystoreentry using an alias
keytool -list -v -keystore </path-to-java/keystore> -alias <yourdomain>
- List PKCS12 certificates
keytool -list -keystore </path-to-java/keystore> -storepass <storepasswd> -storetype PKCS12 -v
Please sign in to leave a comment.