SSLHandshakeException, unable to find valid certification path to requested target - AKS AZURE

acastillo15

Hello,

I get an error when executing the flows in the spark engine, I am doing this configuration with AKS

---

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Operating system used: AlmaLinux

---

Operating system used: AlmaLinux

Turribeach

I don't know what you need to do to fix this but this is the error you get when a client doesn't trust the SSL certificate issued by the server. So you either need to add the CA root to your trust store or ignore certificate validation.

acastillo15

Hello, the strange thing is that I have not configured any certificate in the design node (DSS) and in the cluster, which SSL certificate are you referring to?

Turribeach

Your container/image registry?

acastillo15

my container/image registry? I use Azure, I have not configured anything in ACR

jonhli

@acastillo15
did you ever figure this one out?

Turribeach

You need to deploy your company's internal CA Root certificates in your base AKS images using a docker file.

jonhli

@Turribeach
when you say in your base AKS images, do you mean to add it to this base image on build?

Turribeach

yes.

https://doc.dataiku.com/dss/latest/containers/custom-base-images.html

acastillo15

We must go to Azure and in the cluster configuration section we must
Copy the ca.crt from the namespace.
We must copy the file to the DSS machine and execute the following
commands to add the certificate.
Copy the file to the following path cp ca.crt /etc/pki/ca trust/source/anchors
We update the update-ca-trust extract from the trust store
We verify the certificate in the following path /etc/pki/ca trust/extracted/openssl/