KBEC-00429 - ec-groovy fails with "unable to find valid certification path" error when run from CLI

When using ec-groovy to interact with Flow, you may receive the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is a known issue that may occur when using ec-groovy. The following steps should be followed to resolve this problem:

  1. Obtain the ElectricFlow server's certificate using the following command:
    • COMMANDER_HOME=/opt/electriccloud/electriccommander && LD_LIBRARY_PATH=$COMMANDER_HOME/lib && OPENSSL_CONF="$COMMANDER_HOME/conf/agentssl.cnf" && echo -e "quit\n" | $COMMANDER_HOME/bin/openssl s_client -connect replace-electricflow-server-name-here:8443
  2. Copy the server certificate contents after "Server certificate" into a file, say ef-server.crt
  3. Verify the certificate contents:
    • COMMANDER_HOME=/opt/electriccloud/electriccommander && LD_LIBRARY_PATH=$COMMANDER_HOME/lib && OPENSSL_CONF="$COMMANDER_HOME/conf/agentssl.cnf" && echo -e "quit\n" | $COMMANDER_HOME/bin/openssl x509 -in ef-server.crt -text
  4. Import the certificate into the Java keystore:
    • COMMANDER_HOME=/opt/electriccloud/electriccommander && $COMMANDER_HOME/jre/bin/keytool -import -trustcacerts -keystore $COMMANDER_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias myEFcert -file ef-server.crt
  5. ec-groovy should now run successfully from the command-line.

Have more questions?

0 Comments

Article is closed for comments.