Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Save $650 on Qlik Connect, Dec 1 - 7, our lowest price of the year. Register with code CYBERWEEK: Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Claudio3
Contributor
Contributor
‎2020-02-13 11:43 AM

SSL inspection and Talend on AWS

Dear all,

I have an issue using talend on corporate network with s3 files; my corporate internet gatway is chaning the SSL/HTTPS certification path with custom CA trusted by domain computer.

 

That's ok for all component but aws sdk is performing a deep check on CA and the job fail with the following error.

Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1134)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1080)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:745)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:719)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:701)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:669)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:651)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:515)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4443)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4390)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4384)
	at com.amazonaws.services.s3.AmazonS3Client.getS3AccountOwner(AmazonS3Client.java:932)
	at com.amazonaws.services.s3.AmazonS3Client.getS3AccountOwner(AmazonS3Client.java:922)

I've found a way to skip a strong https check, passing specific java options -Dcom.amazonaws.sdk.disableCertChecking=true as documented here.

 

Now, I want to found a way to set this parameter for my computer only: the cloud agent on production data must ignore this local override.

 

How can I achieve this goal on Talend Studio with Licensed Real time Big Data Edition ?


I have tried to set the property globally, but reployinh and running a job on a cloud engine the security warning appears on logs.

 

0683p000009M95q.png

 

Labels (1)
Labels

  • Other

427 Views
0 Likes
0 Replies