kinesalite
kinesalite copied to clipboard
Java KCL unable to find valid certification path to requested target
Hi!
I am trying to use kinesalite and dynalite for integration tests purpose, but cant figure out how to set everything up.
First of all im using: Java 8 amazon-kinesis-client 1.8.8 amazon-kinesis-producer 0.12.5
I start kinesalite and dynalite with
kinesalite --ssl true --port 4567
dynalite --port 4568
In my /etc/hosts file i have added
127.0.0.1 kinesalite
I disable CBOR with environment variable:
AWS_CBOR_DISABLE: true
I create the dynamoClient like this:
dynamoClient = AmazonDynamoDBClientBuilder
.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
"http://localhost:4568",
"eu-central-1"
))
.build();
I create the kinesisClient like this:
kinesisClient = AmazonKinesisClientBuilder
.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
"kinesalite:4567",
"eu-central-1"
))
.build();
Then i create the config and worker
KinesisClientLibConfiguration config =
new KinesisClientLibConfiguration(
CONFIG.applicationName,
CONFIG.streamName,
credentialsProvider,
CONFIG.workerId
)
.withInitialPositionInStream(InitialPositionInStream.LATEST);
final Worker worker = new Worker.Builder()
.recordProcessorFactory(processorFactory)
.config(config)
.kinesisClient(kinesisClient)
.dynamoDBClient(dynamoClient)
.metricsFactory(new NullMetricsFactory())
.build();
But i get errors and cant figure out what i'm missing:
INFO [2017-12-18 15:25:39,847] com.amazonaws.services.kinesis.clientlibrary.lib.worker.Worker: Initialization attempt 1
INFO [2017-12-18 15:25:39,847] com.amazonaws.services.kinesis.clientlibrary.lib.worker.Worker: Initializing LeaseCoordinator
INFO [2017-12-18 15:25:39,866] com.amazonaws.services.kinesis.clientlibrary.lib.worker.Worker: Syncing Kinesis shard info
ERROR [2017-12-18 15:25:40,247] com.amazonaws.services.kinesis.clientlibrary.lib.worker.ShardSyncTask: Caught exception while sync'ing Kinesis shards and leases
! sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
! Causing: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
! at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_151]
...
! Causing: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Any reason you're using the --ssl true
flag? The endpoint you've passed in uses http:
, not https:
, so I doubt that will work – just remove that flag
Thanks for the respond @mhart !
Yes i'm using --ssl true
because there is no way to disable the TLS connection in Java Kinesis Producer Library. But it would be nice if i could disable it. Then i could skip the ssl true flag.
https://github.com/awslabs/amazon-kinesis-producer/blob/master/java/amazon-kinesis-producer/src/main/java/com/amazonaws/services/kinesis/producer/KinesisProducerConfiguration.java
/**
* Use a custom Kinesis endpoint.
*
* <p>
* Note this does not accept protocols or paths, only host names or ip addresses. There is no
* way to disable TLS. The KPL always connects with TLS.
*
* <p><b>Expected pattern</b>: ^([A-Za-z0-9-\\.]+)?$
*/
public KinesisProducerConfiguration setKinesisEndpoint(String val) {
if (!Pattern.matches("^([A-Za-z0-9-\\.]+)?$", val)) {
throw new IllegalArgumentException("kinesisEndpoint must match the pattern ^([A-Za-z0-9-\\.]+)?$, got " + val);
}
kinesisEndpoint = val;
return this;
}
But for dynalite i do not use --ssl true
so in the dynamoClient i use http, but for the kinesisClient it should be https per default. it is the same result if i would use https://kinesalite:4567
I'm hitting this same issue -- is there any way to get the AWS KCL library to not verify the SSL certificate?
java -Dcom.amazonaws.sdk.disableCertChecking
Thanks @TJC That works! :smiley: