SSLHandshakeException, unable to find valid certification path to requested target - AKS AZURE

Hello,
I get an error when executing the flows in the spark engine, I am doing this configuration with AKS
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Operating system used: AlmaLinux
Operating system used: AlmaLinux
Best Answer
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,301 Neuron
I don't know what you need to do to fix this but this is the error you get when a client doesn't trust the SSL certificate issued by the server. So you either need to add the CA root to your trust store or ignore certificate validation.
Answers
-
acastillo15 Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 4 ✭
Hello, the strange thing is that I have not configured any certificate in the design node (DSS) and in the cluster, which SSL certificate are you referring to?
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,301 Neuron
Your container/image registry?
-
acastillo15 Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 4 ✭
my container/image registry? I use Azure, I have not configured anything in ACR
-
@acastillo15
did you ever figure this one out? -
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,301 Neuron
You need to deploy your company's internal CA Root certificates in your base AKS images using a docker file.
-
@Turribeach
when you say in your base AKS images, do you mean to add it to this base image on build? -
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,301 Neuron
-
acastillo15 Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 4 ✭
We must go to Azure and in the cluster configuration section we must
Copy the ca.crt from the namespace.
We must copy the file to the DSS machine and execute the following
commands to add the certificate.
Copy the file to the following path cp ca.crt /etc/pki/ca trust/source/anchors
We update the update-ca-trust extract from the trust store
We verify the certificate in the following path /etc/pki/ca trust/extracted/openssl/