Ask Your Question

Caused by: PKIX path building failed: unable to find valid certification path to requested target

asked 2017-05-15 17:44:53 -0500

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

I tried to following the instructions to enable Kerberos settings and complete the configuration, but streamsets is not authenticating users in LDAP

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-05-15 21:52:19 -0500

adam gravatar image

updated 2019-06-06 14:45:13 -0500

metadaddy gravatar image

Generally, Java error messages including "PKIX path building failed" indicate that you were trying to establish a TLS connection to a host, but the certificate chain was missing a link between the cert the host sent and the set of trusted certificate authorities (CA) in your Java's TrustStore.

In some places, SDC provides explicit config points for providing a supplemental TrustStore that has the necessary intermediate certificates or CA that's missing. This is common among newer public CAs and when using certificates signed by a non-public corporate CA.

Likely, the solution to your problem would be to create a TrustStore that includes the full certificate chain of your LDAP server and set it JVM-wide with the and system properties.

You can pass this at startup by modifying the SDC_JAVA_OPTS environment variable, for example:

There are some pretty good documents online and in Cloudera's documentation regarding TrustStores.

edit flag offensive delete link more


Where to put these configurations ?

KeerthiS gravatar imageKeerthiS ( 2019-06-06 14:18:35 -0500 )edit

@KeerthiS - I added a link to the relevant section of the docs

metadaddy gravatar imagemetadaddy ( 2019-06-06 14:45:46 -0500 )edit
Login/Signup to Answer

Question Tools


Asked: 2017-05-15 17:44:53 -0500

Seen: 5,086 times

Last updated: Jun 06 '19