Issue:
When using a pipeline with the "Start Pipeline" Stage the following error appears:
START_ERROR: START_PIPELINE_01 - Failed to connect to Execution Engine: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetSolution:
If you are running SDC with HTTPS this issue appears because the certificate being used is not trusted by the default Java Keystore cacerts and we need to add this certificate in there. Please note that if you have configured your SDC to use a custom Keystore you can add the certificate there instead of on the default one.
1- Get the certificate from the SDC Keystore. You will need to access the $SDC_CONF directory and from there run the following command:
keytool -export -alias sdc -file cert.der -keystore etc/keystore.jksThe cert.der file will contain the certificate in der format, now we need to convert it to pem.
2- Convert to PEM:
openssl x509 -inform der -in cert.der -out cert.pemThis is the certificate we will add into our Keystore for SDC to be able to validate the certificate.
3- Add the certificate into the Java Keystore:
keytool -importcert -file cert.pem -keystore $JAVA_PATH/cacerts -alias sdcThe path for the cacerts file will depend on your environment. In most Linux boxes it usually can be found under $JAVA_HOME/jre/lib/security/cacerts.
After adding the certificate into the Java Keystore please restart the SDC service and the pipeline should be able to run without any problems.
