Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

(1 Rating)
facebook Twitter
Email
Print Bookmark Alert me when this article is updated

Feedback

ERROR: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" while starting DIS in Tomcat.log
Problem Description
Data Integration Service is stuck in Starting Upstate and the following error message is seen in the Tomcat.log:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)​​
Cause
New certificate needs to be added in cacerts file.
Solution
Steps to import certificates to Agents java cacerts : “{AgentInstallDir}\jre\lib\security\cacerts”.

1. Unzip the attached certificate file digi.zip. 
2. This will give you digi.cer file.
3. The certificates can be imported by using the keytool command (available under {AgentInstallDir}\apps\jdk\1.8.0_202\jre\bin) with the below syntax:

Go to the directory : cd {AgentInstallDir}\apps\jdk\1.8.0_202\jre\bin  for ex:

 keytool -import -trustcacerts -storepass <password_for_certificate> -alias <alias_name> -file <full_path_with_certificate_filename> -keystore <full_path_to_cacerts_file> -v

4. Before running this command please take backup of cacerts file present in the directory {AgentDir}\java\jre\lib\security\.

Example

For Windows Agent :
 keytool -import -trustcacerts -storepass changeit -alias DigiCert1 -file C:\digi\digi.cer -keystore ..\lib\security\cacerts -trustcacerts
For Linux Agent:
keytool -import -trustcacerts -storepass changeit -alias DigiCert1 -file /tmp/digi.cer -keystore ../lib/security/cacerts -trustcacerts
If you want to import more than one certificate, then you need to provide different/unique alias names in the -alias option of the above command.
5. Re-start the Agent. 


Note: The issue is seen in two scenarios. 

1. Custom Truststore is used instead of default cacerts.
2. System Java is used instead of Agent Java.


More Information
Steps to download the DigiCert or any other certificates from IICS : 
 
1. Go to Informatica Cloud Url (Ex: https://app.informaticaondemand.com/ma/loginusing Google Chrome or any other browser. Make sure that the website's address begins with HTTPS, and that a lock icon appears in the Address bar.

arrow.png

 2. Click the lock icon and then click View certificates to view the certificate used to encrypt the webpage.
 3. In the Certificate Wizard, navigate to the Certification Path tab and select DigiCert.

cert3.PNG

4. Refer the following kb to download & import certificate: https://kb.informatica.com/howto/6/Pages/21/526542.aspx
Applies To
Product: Cloud Data Integration
Problem Type: Security
User Type: Administrator
Project Phase: Implement
Product Version:
Database:
Operating System:
Other Software:

Reference
Attachments
Last Modified Date:10/9/2019 9:11 PMID:527461
People who viewed this also viewed

Feedback

Did this KB document help you?



What can we do to improve this information (2000 or fewer characters)