Problem
When trying to connect to an LDAP/AD service over SSL or to a web service with custom SSL certificate, you receive the following error:
PKIX path building failed SunCertPathBuilderException: unable to find valid certification path to requested target
Cause
The error is related to the Java Virtual Machine (JVM) in which Datameer is running. This issue might be caused by a missing or incorrect certificates in JVMs keystore
or a recent security update.
Solution
1) If this is the first time you have seen the error, review our documentation regarding Connecting to an LDAP/Active Directory service over SSL, Custom SSL Configurations, and Custom certificates for Java JVM.
2) If you have seen this error before, consider the following questions:
- Which Certificate Authority (CA) does it use?
- Was it your own?
- Do you know if the certificate or authority became revoked recently?
3) Check your Java keystore
and the currently installed certificates.
The following commands can help you narrow down the cause:
- Check a stand-alone certificate
keytool -printcert -v -file <mydomain.crt>
- Check which certificates are within the Java
keystore
keytool -list -v -keystore </path-to-java/keystore>
- Check a particular
keystore
entry using an alias
keytool -list -v -keystore </path-to-java/keystore> -alias <yourdomain>
- List PKCS12 certificates
keytool -list -keystore </path-to-java/keystore> -storepass <storepasswd> -storetype PKCS12 -v
Comments
0 comments
Please sign in to leave a comment.