Ask Your Question
1

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

asked 2017-05-15 17:44:53 -0500

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

I tried to following the instructions to enable Kerberos settings and complete the configuration, but streamsets is not authenticating users in LDAP

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-05-15 21:52:19 -0500

adam gravatar image

Generally, Java error messages including "PKIX path building failed" indicate that you were trying to establish a TLS connection to a host, but the certificate chain was missing a link between the cert the host sent and the set of trusted certificate authorities (CA) in your Java's TrustStore.

In some places, SDC provides explicit config points for providing a supplemental TrustStore that has the necessary intermediate certificates or CA that's missing. This is common among newer public CAs and when using certificates signed by a non-public corporate CA.

Likely, the solution to your problem would be to create a TrustStore that includes the full certificate chain of your LDAP server and set it JVM-wide with the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties.

You can pass this at startup via the SDC_JAVA_OPTS environment variable, for example:

SDC_JAVA_OPTS=-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStorePassword=somepassword

There are some pretty good documents online and in Cloudera's documentation regarding TrustStores. https://www.cloudera.com/documentatio...

edit flag offensive delete link more
Login/Signup to Answer

Question Tools

Stats

Asked: 2017-05-15 17:44:53 -0500

Seen: 355 times

Last updated: May 15 '17