search

EMCECS / ecs-sync

ecs-sync is a bulk copy utility that can move data between various systems in parallel
Apache License 2.0
60 stars 22 forks source link

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] #82

Closed kalogc closed 2 years ago

kalogc commented 3 years ago

When running an ECS S3 -> ECS S3 sync job with https protocol and port 9021 I'm getting the below error:

[com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)

the job is finishing correctly when change the protocol to http. Do you have any suggestions? Thanks in advance for your help.

xiaoxin-ren commented 3 years ago

You will need to import ECS certificate to the java trust store, there's a procedure in the troubleshooting section: https://github.com/EMCECS/ecs-sync/wiki/Using-Corporate-CA-or-Self-Signed-SSL-Certificate

kalogc commented 3 years ago

Thanks for the upgrade! I followed the procedure you suggested I manually added the certificated but I still getting the same error.

xiaoxin-ren commented 3 years ago

@kalogc, the updated Java trust store does not take effect on the existing process. Have you restarted ecssync? It should work.

twincitiesguy commented 2 years ago

This is a pretty typical SSL configuration issue - closing this as the resolution is linked in a comment above