pulsar-helm-chart icon indicating copy to clipboard operation
pulsar-helm-chart copied to clipboard

Published 20 hours ago verified publisher icon apache

PKIX path building failed: unable to find valid certification path to request to requested target

Open bharatbhushan1705 opened this issue 1 year ago • 1 comments
trafficstars

Describe the bug A clear and concise description of what the bug is. The error message javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target To Reproduce Steps to reproduce the behavior:

  1. Use of self-signed certificate keystone
  2. The TLS is enabled for proxy and broker
  3. The Apache Pulsar is running in Openshift Cluster
  4. The Apache Pulsar version 3.2.0

Expected behavior When we are communicating directly to broker url it is working, we expect same when we try to connect via proxy.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: Ubuntu

Additional context Add any other context about the problem here. Error logs: 2172 at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] 2173 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] 2174 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] 2175 at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1329) ~[?:?] 2176 ... 17 more 2177 Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 2178 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) ~[?:?] 2179 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) ~[?:?] 2180 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] 2181 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] 2182 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] 2183 at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] 2184 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] 2185 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] 2186 at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1329) ~[?:?] 2187 ... 17 more

bharatbhushan1705 avatar Apr 22 '24 14:04 bharatbhushan1705

Could you share your yaml?

nodece avatar Apr 30 '24 07:04 nodece

Closing since there's no response from reporter. Please retest on latest released Pulsar Helm chart version.

lhotari avatar Jun 05 '24 10:06 lhotari