Qlik Talend Studio: Resolving javax.net.ssl.SSLHandshakeException: PKIX Path Building Failed in Talend Studio

When using Talend Studio, you may encounter the following error while attempting to open a remote project or apply a patch update:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This error typically arises due to a missing or untrusted certificate in the Java keystore required to establish a secure connection. This article provides step-by-step instructions to resolve this issue in two common scenarios:

1. Opening a remote project in Talend Studio.
2. Applying a patch update to Talend Studio 8 from the Talend update repository.

Resolution

Scenario 1: Opening a Remote Project in Talend Studio

Steps to Resolve:

Verify Java Version:

• Ensure you are using a supported version of Java for your Talend Studio version.
• Reference Talend documentation for compatible Java environments: Talend Documentation.

Download and Install the Required CA Certificate:

• Go to the Talend Administration Center or Talend Cloud URL.
• Click the padlock icon in the browser to view the site information and download the root certificate.

Import the CA Certificate into Java Keystore:

Locate the cacerts file (typically at <JAVA_HOME>/jre/lib/security/cacerts).

Open a command prompt or terminal and navigate to the directory containing your cacerts file.

Use the keytool command to import the certificate:

keytool -import -alias <alias_name> -file <path_to_certificate_file> -keystore <path_to_your_jdk>/jre/lib/security/cacerts

Replace:

• <alias_name>: A unique name for the certificate.
• <path_to_certificate_file>: Path to the downloaded certificate file.
• <path_to_your_jdk>: Path to your JDK installation.

When prompted, enter the keystore password (default is changeit).

Verify the Import:

List the certificates in the cacerts file using:

keytool -list -v -keystore <path_to_your_jdk>/jre/lib/security/cacerts

Ensure the imported certificate appears in the list.

Scenario 2: Applying a Patch Update to Talend Studio 8

Steps to Resolve:

Verify Java Version:

• Confirm you are using a supported Java version as described above.

Download Required CA Certificate:

• Access the Talend update URL: https://update.talend.com/Studio/8/updates.
• Download the root certificate following the same steps as in Scenario 1.

Import the Certificate into Java Keystore:

• Follow the same import steps as detailed above.

Configure Talend Studio to Use the Updated Keystore:

Add the following JVM argument to your Talend Studio talend.ini file:

-Djavax.net.ssl.trustStore=<path_to_your_jdk>/jre/lib/security/cacerts

Replace <path_to_your_jdk> with the path to your JDK installation.

Special Considerations for Corporate Environments

If you are operating behind a corporate proxy, you may need to import the proxy server's SSL certificate into your Java keystore. Similarly, any specific corporate firewall rules that could be blocking connections to Talend Cloud should be reviewed and configured to allow necessary traffic.

Additional Resources

• Java Keytool Documentation

Environment

• Talend Studio 8.0.1