Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

facebook Twitter
Email
Print Bookmark Alert me when this article is updated

Feedback

ERROR: SSL handshake issue "unable to find valid certification path to requested target" while running a Task in IICS.
Problem Description
Error is seen in session log:

Fatal runtime error occurred : [com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Cause
-During the Summmer 2019 release, we have pushed out the new jdk version 1.8.0.221 package to all the agents. As part of that the cacerts in the old {Agent.Dir}/jre/lib/security was copied over to the new JDK cacerts in {Agent.Dir}/apps/jdk/1.8.0_202/jre/lib/security.

-Ideally the agent should be running using the new JDK {Agent.Dir}/apps/jdk. But we have seen some scenarios were the agent was still running using the old jre {Agent.Dir}/jre.

-This was an issue we had seen and fixed in the Fall 2019 release that went in over the weekend (November 16, 2019). Now agent would start only with the new JDK {Agent.Dir}/apps/jdk.

-So if there was any certificates imported to the old cacerts under {Agent.Dir}/jre/lib/security after Summer 2019 release it has to be added to the new cacerts in {Agent.Dir}/apps/jdk/1.8.0_202/jre/lib/security, since it agent is started with new JDK {Agent.Dir}/apps/jdk.

-Your tasks are failing after Fall 2019 release because the SSL certs were added to the cacerts in the old {Agent.Dir}/jre/lib/security and this is not loaded by the agent anymore.
Solution
​To resolve the issue please refer the below-given steps:

1) Copy and take a backup of the cacerts file in {Agent.Dir}/apps/jdk/1.8.0_202/jre/lib/security

2) Import the old cacerts from {Agent.Dir}/jre/lib/security to the new JDK cacerts in {Agent.Dir}/apps/jdk/1.8.0_202/jre/lib/security.

Command to import cacerts : {Agent.Dir}\apps\jdk\1.8.0_202\jre\bin\keytool -importkeystore -srckeystore "{Agent.Dir}\jre\lib\security\cacerts" -srcstorepass  changeit -destkeystore "{Agent.Dir}\apps\jdk\1.8.0_202\jre\lib\security\cacerts" -deststorepass changeit -noprompt

3) Login to the IICS Org and just stop and start the DIS service.​
More Information
Applies To
Product: Cloud Data Integration
Problem Type: Connectivity
User Type: Developer
Project Phase: Configure
Product Version:
Database:
Operating System:
Other Software:

Reference
Attachments
Last Modified Date:11/27/2019 12:12 PMID:606827
People who viewed this also viewed

Feedback

Did this KB document help you?



What can we do to improve this information (2000 or fewer characters)