This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community
Survey banner
Switching to Dataiku - a new area to help users who are transitioning from other tools and diving into Dataiku! CHECK IT OUT

SSLHandshakeException, unable to find valid certification path to requested target - AKS AZURE

Solved!
acastillo15
Level 1
โ€Ž02-09-2024 09:01 PM
SSLHandshakeException, unable to find valid certification path to requested target - AKS AZURE

Hello, 

I get an error when executing the flows in the spark engine, I am doing this configuration with AKS

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Operating system used: AlmaLinux

Operating system used: AlmaLinux

Preview file
11 KB
Preview file
103 KB
Preview file
116 KB
0 Kudos
Reply
1 Solution
Turribeach
Neuron
Neuron
โ€Ž02-09-2024 09:03 PM

I don't know what you need to do to fix this but this is the error you get when a client doesn't trust the SSL certificate issued by the server. So you either need to add the CA root to your trust store or ignore certificate validation.

View solution in original post

0 Kudos
Reply
9 Replies
Turribeach
Neuron
Neuron
โ€Ž02-09-2024 09:03 PM

I don't know what you need to do to fix this but this is the error you get when a client doesn't trust the SSL certificate issued by the server. So you either need to add the CA root to your trust store or ignore certificate validation.

0 Kudos
Reply
acastillo15
Level 1
Author
In response to Turribeach
โ€Ž02-09-2024 09:07 PM

Hello, the strange thing is that I have not configured any certificate in the design node (DSS) and in the cluster, which SSL certificate are you referring to?

0 Kudos
Reply
Turribeach
Neuron
Neuron
In response to acastillo15
โ€Ž02-09-2024 09:12 PM

Your container/image registry?

0 Kudos
Reply
acastillo15
Level 1
Author
โ€Ž02-09-2024 09:18 PM

my container/image registry? I use Azure, I have not configured anything in ACR

0 Kudos
Reply
jonhli
Level 2
Friday

@acastillo15 did you ever figure this one out?

0 Kudos
Reply
Turribeach
Neuron
Neuron
In response to jonhli
Friday

You need to deploy your company's internal CA Root certificates in your base AKS images using a docker file.

0 Kudos
Reply
jonhli
Level 2
In response to Turribeach
Friday

@Turribeach when you say in your base AKS images, do you mean to add it to this base image on build?

0 Kudos
Reply
acastillo15
Level 1
Author
In response to jonhli
Friday

We must go to Azure and in the cluster configuration section we must
Copy the ca.crt from the namespace.
We must copy the file to the DSS machine and execute the following
commands to add the certificate.
Copy the file to the following path cp ca.crt /etc/pki/ca trust/source/anchors
We update the update-ca-trust extract from the trust store
We verify the certificate in the following path /etc/pki/ca trust/extracted/openssl/

0 Kudos
Reply
A banner prompting to get Dataiku
Didn't Find What You Needed?

Post a Question

Help me โ€ฆ
โ€ฆ ask a question โ€ฆ search for an answer โ€ฆ learn to use the Community