Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in Toronto Sept 9th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Fernandez
Creator II
Creator II
‎2024-09-16 09:28 AM

[HTTPS server - tRESTClient] Unable to find valid certification path to requested target

Hi,

I'm getting this error when I try to connect to HTTPS server with component tRESTClient : 

javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://myUrl: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can you help me please ?

Many thanks

Labels (3)
Labels
997 Views
1 Solution

Accepted Solutions
Xiaodi_Shi
Employee
Employee
‎2024-09-17 10:29 PM

In response to Fernandez

Hello,

Usually the certificates used by the Talend server are trusted by Java by default. On which talend build version you got this issue and what's your Java version?

Could you please post the whole error trace here? Are you using any "SSL Forward proxy" (SSL Certificates are generated "on the fly" by ZScaler ) which ROOT certificate must be added in the java JVM cacerts as well?

Best regards

Sabrina

 

View solution in original post

941 Views
0 Likes
5 Replies
Fernandez
Creator II
Creator II
‎2024-09-16 11:47 AM
Author

I found this command to execute :

keytool -import -alias -aliasName -file pathToRootCA.crt -keystore cacerts

 

I did it, I got the message that the certificate has been added.

But I still add same error when I execute my Talend Job.

 

971 Views
0 Likes
Xiaodi_Shi
Employee
Employee
‎2024-09-17 10:29 PM

In response to Fernandez

Hello,

Usually the certificates used by the Talend server are trusted by Java by default. On which talend build version you got this issue and what's your Java version?

Could you please post the whole error trace here? Are you using any "SSL Forward proxy" (SSL Certificates are generated "on the fly" by ZScaler ) which ROOT certificate must be added in the java JVM cacerts as well?

Best regards

Sabrina

 

942 Views
0 Likes
Fernandez
Creator II
Creator II
‎2024-09-18 02:35 AM
Author

Hi Sabrina,

  1. I'm using TOS Data Integration 7.3.1 with jre 1.8.0_333
  2. I don't know for the SSL Forward proxy, I'm trying to get this information
  3. Below the whole error : 
[statistics] connected
sept. 18, 2024 8:28:05 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
AVERTISSEMENT: Interceptor for {https://api-imfdev.myactivhub.net/authentication/login}tRESTClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:701)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1086)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:932)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:901)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:364)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:373)
at universcience.universcience_1_gettoken_0_1.Universcience_1_GetToken.tWriteJSONField_1_InProcess(Universcience_1_GetToken.java:6879)
at universcience.universcience_1_gettoken_0_1.Universcience_1_GetToken$1ThreadXMLField_tWriteJSONField_1_Out.run(Universcience_1_GetToken.java:5289)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://api-imfdev.myactivhub.net/authentication/login: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1400)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1384)
at org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:274)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1343)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1304)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1356)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 37 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 43 more
 
Exception in component tRESTClient_3 (Universcience_1_GetToken)
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://api-imfdev.myactivhub.net/authentication/login: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:629)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:605)
at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1150)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1087)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:932)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:901)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:364)
at org.apache.cxf.jaxrs.client.WebClient.post(WebClient.java:373)
at universcience.universcience_1_gettoken_0_1.Universcience_1_GetToken.tWriteJSONField_1_InProcess(Universcience_1_GetToken.java:6879)
at universcience.universcience_1_gettoken_0_1.Universcience_1_GetToken$1ThreadXMLField_tWriteJSONField_1_Out.run(Universcience_1_GetToken.java:5289)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://api-imfdev.myactivhub.net/authentication/login: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1400)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1384)
at org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:701)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1086)
... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.TransportContext.fatal(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at sun.security.ssl.SSLHandshake.consume(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at sun.security.ssl.TransportContext.dispatch(Unknown Source)
at sun.security.ssl.SSLTransport.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:274)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1343)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1304)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:307)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1356)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 37 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 43 more
[statistics] disconnected

 

 

 

925 Views
0 Likes
Fernandez
Creator II
Creator II
‎2024-09-25 10:09 AM
Author

Hi Sabrina, 

Indeed we are using a "SSL Forward proxy" and after having added ROOT certificate, it works.

Thanks

879 Views
0 Likes
Xiaodi_Shi
Employee
Employee
‎2024-09-25 10:38 PM

In response to Fernandez

Hello

Sorry for late response and great it works.

If a "SSL Forward proxy" is in the network, the "Talend Server" certificate received by Talend Studio is NOT the one sent by the Talend Server , it is a certificate generated by the  "SSL Forward proxy" and signed by the  "SSL Forward proxy ROOT CA" . This certificate can be regenerated by the  "SSL Forward proxy" with a different SN (Serial Number).

Best regards

Sabrina

867 Views
0 Likes