Error: unable to find valid certification path to requested target

[rafaelldi]

https://github.com/JetBrains/azure-tools-for-intellij/discussions/777#discussioncomment-8381402

[ThijmenDam]

Quoted from @rafaelldi in #777:

Could you please describe your scenario in more detail there? For example, are you using Azurite in a Docker container or installing it via npm. Or anything else that might be related to the problem. I need that to properly reproduce the issue.

I use Rider 2023.3.3. In Rider's Azurite settings, I point to C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\Extensions\Microsoft\Azure Storage Emulator\azurite.exe because Visual Studio is also installed on my PC. I self-signed an SSL certificate using mkcert on IP 127.0.0.1. Azurite is started by Rider, i.e. when I run a local Azure function, the "Start Azurite" service is automatically added under the " before launch" setting of the function's run configuration.

Furthermore, when I start the Azurite service in Rider manually and visit 127.0.0.1: in my browser, I see no SSL problems. If I leave out the SSL configuration in the Azure settings however, I do get an SSL warning, therefore I assume I have configured the self-signed certificate properly.

If you need more information, please let me know.

[rafaelldi]

Hi! Sorry for the late reply, I didn't have a chance to reproduce this problem earlier. To be honest, I don't have any problems. With mkcert I executed these two commands and generated the Azurite certificate.

mkcert -install
mkcert 127.0.0.1

I then set these values in the settings and started Azurite from the Services tool window.

Everything started successfully.

While investigating this, I realized that there is no way to set the --oauth basic option to the Azurite executable. I will add this setting.

You can then set this connection string in the local.settings.json file in the AzureWebJobsStorage field, and the function will successfully connect to the https endpoint.

"AzureWebJobsStorage": "DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=https://127.0.0.1:10001/devstoreaccount1;TableEndpoint=https://127.0.0.1:10002/devstoreaccount1;"

[wislon]

Hi,

I have exactly the same problem, but it doesn't appear to be related to Azurite.

I've checked the Azurite settings, and there's no problem spinning it up or connecting to it. I even took the step of creating a certificate using the mkcert command, and also removing Azurite from the 'pre launch' config, but still no dice.

I did some more digging and came across a youtrack article on a search engine which seemed to be exactly what I was experiencing, but the link went to an 'issue not found'. However the description (see screenshot of summary below) pretty much described exactly what I was experiencing.

This is the link it was pointing to: https://youtrack.jetbrains.com/issue/RIDER-117246

I've combed through YouTrack trying to find it, perhaps it's been deleted.

It was working previously, but seemed to break around the upgrade to Rider 2024.2.4 (I have subsequently updated to 2024.2.5 but the problem persists). I also have the latest version of the Azure Toolkit for Rider plugin (v4.2.0), and have tried downgrading that plugin too, also with no luck.

The same function works perfectly (and always has done) under Visual Studio 2022. It's easily reproducible for me:

• Create a new Azure function, with any trigger (I used http), using either VS or Rider. It doesn't matter.
• Build it.
• Run it. Visual Studio works, Rider does not (but used to).

The error, when it comes up if I hit Run or Debug (it doesn't matter) is this:

But that is literally ALL it gives you, there is no indication in the error as to what has happened.

I found the error in the idea.x.log files, and it seems to be related to the Azure Toolkit plugin, but I am not sure why (starts at the SEVERE entry, below):

2024-09-21 13:04:59,215 [  18008]   INFO - #c.i.p.w.WhatsNewShowOnStartCheckService - Got What's New content: com.intellij.platform.whatsNew.WhatsNewVisionContent@11f2446d
2024-09-21 13:04:59,224 [  18017]   INFO - #c.i.p.w.WhatsNewContentVersionChecker - Comparing versions 2024-2.5-22855-7890de2744a5f60a239878afaffeaa01425f5c54 and 2024-2.3-21829-7890de2744a5f60a239878afaffeaa01425f5c54: false.
2024-09-21 13:04:59,224 [  18017]   INFO - #c.i.p.w.WhatsNewShowOnStartCheckService - Should show What's New: false
2024-09-21 13:04:59,278 [  18071] SEVERE - #c.i.i.s.i.StartupManagerImpl - unable to find valid certification path to requested target [Plugin: com.intellij.resharper.azure]
com.intellij.diagnostic.PluginException: unable to find valid certification path to requested target [Plugin: com.intellij.resharper.azure]
    at com.intellij.ide.startup.impl.StartupManagerImplKt$launchActivity$1.invokeSuspend(StartupManagerImpl.kt:502)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.UndispatchedCoroutine.afterResume(CoroutineContext.kt:277)
    at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:99)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:102)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:608)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:873)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:763)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:750)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
    at java.base/sun.security.validator.Validator.validate(Validator.java:256)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:241)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)
    at io.ktor.network.tls.TLSClientHandshake.handleCertificatesAndKeys(TLSClientHandshake.kt:235)
    at io.ktor.network.tls.TLSClientHandshake.access$handleCertificatesAndKeys(TLSClientHandshake.kt:24)
    at io.ktor.network.tls.TLSClientHandshake$handleCertificatesAndKeys$1.invokeSuspend(TLSClientHandshake.kt)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:104)
    at kotlinx.coroutines.internal.SoftLimitedDispatcher$Worker.run(SoftLimitedDispatcher.kt:125)
    at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:99)
    ... 4 more
2024-09-21 13:04:59,278 [  18071] SEVERE - #c.i.i.s.i.StartupManagerImpl - JetBrains Rider 2024.2.5  Build #RD-242.22855.90
2024-09-21 13:04:59,278 [  18071] SEVERE - #c.i.i.s.i.StartupManagerImpl - JDK: 21.0.3; VM: OpenJDK 64-Bit Server VM; Vendor: JetBrains s.r.o.
2024-09-21 13:04:59,278 [  18071] SEVERE - #c.i.i.s.i.StartupManagerImpl - OS: Windows 10
2024-09-21 13:04:59,278 [  18071] SEVERE - #c.i.i.s.i.StartupManagerImpl - Plugin to blame: Azure Toolkit for Rider version: 4.2.0
2024-09-21 13:04:59,829 [  18622]   INFO - #PluginsAdvertiser - Plugin is ignored by user, suggestion will not be shown: fr.socolin.application-insights-debug-log-viewer
2024-09-21 13:04:59,829 [  18622]   INFO - #PluginsAdvertiser - Plugin is ignored by user, suggestion will not be shown: fr.socolin.application-insights-debug-log-viewer
2024-09-21 13:04:59,829 [  18622]   INFO - #PluginsAdvertiser - Plugin is ignored by user, suggestion will not be shown: com.intellij.kubernetes
2024-09-21 13:05:00,086 [  18879]   INFO - #c.i.k.a.KubernetesApiProvider - Configuration applied to executor
2024-09-21 13:05:00,089 [  18882]   INFO - #c.i.k.a.KubernetesApiProvider - Configuration refresh finished

Any idea what/where is it trying to connect to. or validate with, so I can sort out the relevant certificate for it? Assuming this is something I can even do... could it be the plugin was signed with a different cert, or something?

Edit to add: I am not sure if it's related, but I've also discovered that it seems to have clobbered all my Azure Function launch configurations. Previously there used to be at least one 'lightning bolt' Azure function run/debug config entry for each function. They've all gone now, replaced by a series of '?' configs which it says it can't edit.

Thanks :)

[rafaelldi]

Thanks for such a detailed report. I will take a look. The visibility of the RIDER-117246 ticket is limited by its author.

[wislon]

Awesome, thank you :) ...and that explains that... makes sense :)

I've also just added another paragraph to the end of that report. I am not sure if it's related. If not, no worries!

[rafaelldi]

@wislon

Hello! I've started to investigate this problem. Unfortunately, it isn't reproducible on my side, and this log only contains stack traces from the libraries, so it's hard to tell where it comes from.

Could you please answer some questions?

Previously there used to be at least one 'lightning bolt' Azure function run/debug config entry for each function. They've all gone now, replaced by a series of '?' configs which it says it can't edit.

After upgrading to the version 4 of the plugin, some of the Azure run configurations became invalid, because we have some breaking changes between major versions of the plugin. But there should be another run configuration with the 'lightning bolt'. Could you please check if you're using this particular run configuration and not the default .NET Launch Settings Profile?

[rafaelldi]

I think I've found the problem. This PR #930 should fix it. Please check the next version of the plugin 4.2.1.

[wislon]

@rafaelldi thanks for getting back to me so quickly!

to answer your first question, regarding the run config: yes, I am using that 'new' version (but of course I couldn't test it, and for a while I thought it was the config itself which was the problem 😉 ). I have been bitten before by using the dotnet one (little rocket ship), so it was actually one of the first things I checked, which is when I discovered all the lightning-bolt ones were replaced by ones which Rider couldn't load. So I just made some new ones, but then couldn't launch anything 😄

I will load up that new version of the plugin and give it a go this morning, and I will report back here regardless of outcome.

Edit: plugin version 4.2.1 isn't available on marketplace or plugin download page yet, so I'll check back later.

Thanks!