SSLHandshake exception #132

Open
EvodiDunn opened this issue Feb 6, 2024 · 3 comments

@EvodiDunn

Hey,

I'm trying to secure our installation with an HTTPS certificate and internal TLS so that I can use LDAP for authentication. However, I run into the error below.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This occurs when I connect via 'https://internal-fqdn'. Our organization has a wildcard certificate issued by GoDaddy and that has been added to the cluster in the form of a secret. Then this certificate is terminated on the ingress with the backend protocol set to HTTPS.

If I visit the site via a web browser, the site says there is a certificate and that it is valid. However, if I connect via the Trino.jar application with the command ./trino.jar https://internal-fqdn and then run show catalogs; the error appears. Remove the TLS and connect via http and this error does not occur. Any suggestions?

For context too, I have the following configuration in our Helm values file as well:
additionalConfigProperties:
[
#To allow the certificate to be terminated at the ingress
http-server.process-forwarded=true,
#This is required for the nodes and coordinator to encrypt traffic between each other
internal-communication.shared-secret={redacted secret phrase},
internal-communication.https.required=true,
#Not needed according to https://trino.io/docs/current/security/tls.html#https-secure-directly:~:text=This%20is%20why%20you%20do%20not%20need%20to%20configure%20http%2Dserver.https.enabled%3Dtrue
#http-server.https.enabled=true,
#http-server.https.port=8443
]

@adityatanwar03

@EvodiDunn Were you able to resolve it?

@EvodiDunn
Author

@adityatanwar03 Unfortunately I have not yet. I've been held up with other projects and sidelined this, but will need to look again over the next week or so. After some talks in the Slack community I believe it could be related to the keystore; however, I haven't seen much documentation around how that's supposed to be set up for the chart, so I haven't changed it from default. Could be my issue, so I'll be starting there? But open to suggestions.

@adityatanwar03

Well, I tried setting this up with a keystore as well but seem to get stuck with the same error as you are getting. Funny thing is that I am still able to choose schemas but not able to see tables, then this error message pops up. Let me know whenever you start working on it @EvodiDunn
