How to resolve the 'PKIX path building failed' error encountered for a CData adapter in TIBCO Data Virtualization?
Article ID: KB0071768
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | All supported versions |
Description
When a user has created a datasource that uses a CData adapter for e.g. Sharepoint adapter, Salesforce adapter, etc. the user might incur the below error message when testing the connection with the datasource.
-----------------
Caused by: java.sql.SQLException: Cannot conclude ssl handshake. Cause: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
at com.cdata.cis.salesforce.SalesforceConnectionFactory.create(Unknown Source) ~[?:?]
-----------------
If we take a look at the error message, it's from com.cdata.cis.salesforce which points out that the error is from the CData's Salesforce adapter.
The above error refers to a valid certificate not being present in the TDV truststore. The Salesforce server is sending an SSL certificate to TDV and TDV is unable to find this certificate in its (i.e. TDV's) trust store, resulting in the above error.
-----------------
Caused by: java.sql.SQLException: Cannot conclude ssl handshake. Cause: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
at com.cdata.cis.salesforce.SalesforceConnectionFactory.create(Unknown Source) ~[?:?]
-----------------
If we take a look at the error message, it's from com.cdata.cis.salesforce which points out that the error is from the CData's Salesforce adapter.
The above error refers to a valid certificate not being present in the TDV truststore. The Salesforce server is sending an SSL certificate to TDV and TDV is unable to find this certificate in its (i.e. TDV's) trust store, resulting in the above error.
Issue/Introduction
This article focuses on one way to resolve the PKIX path error for a CData adapter.
Environment
All supported environment
Resolution
To get around this error, CData adapters have a field called ' SSLServerCert'. The user can go to the datasource page and then set the value to * for the SSLServerCert. The '*' signifies accepting all certificates (Snapshot for reference)
However, apart from the above workaround, the user can request their respective admins (e.g: Salesforce admin) to provide the appropriate certificate chain which can be added to the cis_server_truststore.jks, and then point the adapter to the certificate path.
NOTE: Kindly refer to the documentation link pasted in the 'Reference' section for more information on the 'SSLServerCert' field.
Additional Information
Feedback
Yes
No
Powered by
