I am working on a POC for sending data from Kinesis to Kafka using AWS Kinesis connector available with Confluent. I am using trial version of the connector valid for 30 days.
I keep getting below error on the connector. The connection to AWS S3 is fine from the same server. So i don't believe issue is with any missing certificate. But below is the error i keep getting.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed::
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valii
d certification path to requested target
Sorry for not providing version information.
Confluent Community 5.5 version has been used to setup connector. It is running on 1 Docker container for now. I am starting connect-distributed with connect-distributed.properties file. The Apache Open source Kafka is running on 3 nodes. Version of Kafka is 2.3.
Related
as the title says I'm facing the error:
WebSocket connection failure. Due to security constraints in your web
browser, the reason for the failure is not available to this Neo4j
Driver…​
My neo4j DB is running on a Ubuntu Linux machine:
Unbungu 20.04.04 LTS, Release 20.04
Neo4j Community Edition, Version 4.4.8
I can connect to the db via:
http://localhost:7474/browser/
but not under
https://localhost:7473/browser/ or bolt+s://localhost:7687
I already tried multiple "solutions" but none of them work.
Here is what I changed in my config.
dbms.default_listen_address=0.0.0.0
dbms.connectors.default_list_address=0.0.0.0
dbms.connector.bolt.enabled=true
dbms.connector.bolt.address=0.0.0.0:7687
dbms.connector.https.enabled=true
dbms.connector.https.listen_address=0.0.0.0:7473
I also generated SSL certificates:
Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE
Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=NONE
Any ideas?
*Edit: Typo
I have a cluster managed with cloudera, I have installed CFM (Nifi) with the tutorial; also secured the nifi nodes with TLS/SSL.
When I tried the invokeHTTP processor, I have the following bulletin:
InvokeHTTP[id=3c2dea7a-0172-1000-0000-0000350072f1] Yielding processor due to exception encountered as a source processor: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried with and without a secured cluster (with the help of Nifi CA toolkit service), without any success.
I also tried to create a controller service to force path of the trustore and keystore.
Now I am clueless on what to do, any ideas?
Thank you for your help,
#pdeuxa you need to configure the SSLContextService for the resource you are connecting to not the nifi cluster. You do this by adding the resource's SSL Certificates to a local nifi truststore, then tell NiFi where the truststore is. The files need to be properly owned for nifi and copied to all nifi nodes.
It works with SSLcontext configuration!
I copied the cacert from java jdk on each nifi nodes, and grant ownership to the cacert to nifi user.
On the SSL context configuration I added the path of the copied cacert for keystore and trustore (the defaut password for java cacert is "changeit").
Then I forced invokehttp "proxy type" property on "http"
Running WSO2 Enterprise Integrator 6.5.0. on RHEL 7. We are in the proces of building flows to read files from an sftp server. But setting up the sftp connection towards a Windows SFTP server fails. We can access this Windows SFTP server correctly with Windows clients like FileZilla/WinSCP.
With netstat we see a connection is build towards the Windows SFTP server but the flow isn't moving - no files are being read. On the point of stopping the server the error as shown below is printed in the wso2carbon.log.
When setting up the connection towards a Linux sftp server ( Plain RHEL 7 box with SSHD ) we don't face any issues. We have the matching private key place under .ssh/id_rsa in the home dir of the user running WSO2 EI.
Searching for the error message ( see snippet below ) we should get it resolved by adding the transport.vfs.AvoidPermissionCheck=true parameter to the VFS URL but unfortunately this doesn't solve our issue.
This is the VFS URL we are using.
sftp://SFTPUSER#SERVER.ACMECORP.ORG/inputdir?transport.vfs.AvoidPermissionCheck=true;vfs.passive=true
Is this a configuration that should work and are we missing a configuration option? Or is this a bug in the WSO2 software?
These URL's mention the issue we are facing.
VFS2 Error cannot delete file and could not get the groups id of the current user (error code: -1)
https://issues.apache.org/jira/browse/VFS-617
https://github.com/wso2/product-ei/issues/3725
[2019-12-06 13:48:59,724] [-1] [] [vfs-Worker-2] ERROR {org.apache.synapse.transport.vfs.VFSTransportListener} - Error checking for existence and readability : sftp://SFTPUSER#SERVER.ACMECORP.ORG/inputdir?transport.vfs.AvoidPermissionCheck=true;vfs.passive=true
org.apache.commons.vfs2.FileSystemException: Could not determine if file "sftp://SFTPUSER#SERVER.ACMECORP.ORG/inputdir?transport.vfs.AvoidPermissionCheck=true;vfs.passive=true" is readable.
at org.apache.commons.vfs2.provider.AbstractFileObject.isReadable(AbstractFileObject.java:1494)
at org.apache.synapse.transport.vfs.VFSTransportListener.scanFileOrDirectory(VFSTransportListener.java:295)
at org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:188)
at org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:134)
at org.apache.axis2.transport.base.AbstractPollingTransportListener$1$1.run(AbstractPollingTransportListener.java:67)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.jcraft.jsch.JSchException: Could not get the groups id of the current user (error code: -1)
at org.apache.commons.vfs2.provider.sftp.SftpFileSystem.getGroupsIds(SftpFileSystem.java:219)
at org.apache.commons.vfs2.provider.sftp.SftpFileObject.getPermissions(SftpFileObject.java:250)
at org.apache.commons.vfs2.provider.sftp.SftpFileObject.doIsReadable(SftpFileObject.java:264)
at org.apache.commons.vfs2.provider.AbstractFileObject.isReadable(AbstractFileObject.java:1492)
... 8 more
UPDATE
Using the same URL but then setting up the WSO2 flow to write a file towards the SFTP server works.
Got this resolved with support from WSO2.
The correct VFS url to use is.
sftp://SFTPUSER#SERVER.ACMECORP.ORG/inputdir?transport.vfs.AvoidPermissionCheck=true&vfs.passive=true So a '&' seperator instead of a ';'.
The documentation of WSO2 just is very fuzzy about the correct syntax to use.
They give different examples across their documentation.
https://docs.wso2.com/display/EI650/VFS+Transport
https://docs.wso2.com/display/EI650/File+Inbound+Protocol
https://docs.wso2.com/display/EI650/Configuring+File+Inbound+Protocol+for+FTP%2C+SFTP+and+FILE+Connections
I am setting up JMeter 4.0 for load testing in the cloud (GCE). I am creating VM images for the master and slave with the only difference being the slaves run jmeter-server on boot. I ran bin/create-rmi-keystore.sh per http://jmeter.apache.org/usermanual/remote-test.html#setup_ssl and ensured the .jks file is on the master/client and all the slaves.
Now, when I create multiple slave instances (new slave IPs), the load test fails due to SSL errors -
Configuring remote engine: 10.150.0.11
error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed to configure 10.150.0.11
Can I avoid having to manually regenerate the keystore every time I plan a test run?
If you have created rmi_keystore.jks on your master , copy that on your slave's bin directory. You can restart jmeter-server.bat on slave after that.
Attempting to upload a binary that has passed 'validation' I get:
Communications error. Please use diagnostic mode to check connectivity. You need to have outbound access to TCP port 443
An exception has occurred: sun.security.validator.Validator.Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could not connect to Apple's web service
Unable to authenticate the package: 617269104.itms
Transport update failed with unexpected exception
An exception has occurred: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.ceertpath.SunCertPathBuilder\exception: unable to find valid certification path to requested target
I still have this problem despite trying all the suggestions in various similar SO threads. Running App Loader 2.9.1; Java version 7 build 1.7.0.; Yosemite beta 4; Xcode 5.1.1. Also tried all the settings in Java Control Panel General/Network Settings. All firewall ports open for outbound traffic.
Any new/further suggestions appreciated...