Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

[ranjith bannu]

Hi,

Can someone help me with below issue. I have searched entire group. I found some links but didn't helped me in resolving the issue. 

We have recently upgraded Java and rundeck to latest versions. 

Rundeck has been upgraded from Rundeck 2.11.X to Rundeck 3.X following this document https://rundeck.org/docs/upgrading/upgrade-to-rundeck-3.x.html

Upgrade is done using yum. Rundeck URL is loading fine over SSL, after sometime I have noticed bunch of errors in the service.log 

com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1069)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1035)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)

at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)

at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513

So I have reconfigured the SSL by following this document https://rundeck.org/docs/administration/security/configuring-ssl.html

I can see from the ps command rundeck is pointed correct trusttore file here is full process command

rundeck   2455  2447 37 12:26 ?        00:01:13 java -Drundeck.jaaslogin=true -Djava.security.auth.login.config=/etc/rundeck/jaas-loginmodule.conf -Dloginmodule.name=RDpropertyfilelogin -Drdeck.config=/etc/rundeck -Drundeck.server.configDir=/etc/rundeck -Dserver.datastore.path=/var/lib/rundeck/data/rundeck -Drundeck.server.serverDir=/var/lib/rundeck -Drdeck.projects=/var/lib/rundeck/projects -Drdeck.runlogs=/var/lib/rundeck/logs -Drundeck.config.location=/etc/rundeck/rundeck-config.properties -Djava.io.tmpdir=/tmp/rundeck -Drundeck.server.workDir=/tmp/rundeck -Dserver.http.port=4440 -Drdeck.base=/var/lib/rundeck -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=4443 -Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server -Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -jar /var/lib/rundeck/bootstrap/rundeck-3.0.8-20181029.war --skipinstall

Ec2 node plugin is failing to get the nodes information with above error, Email sending is also failing with the same error.

Please help me to resolve the issue and let me know if you need any further information needed.

Thanks in advance.

[rac...@rundeck.com]

Hi Ranjith,

Rundeck works with the lastest version of Java 8 (1.8) this include OpenJDK, if you use Java 11 probably don't work propertly. Please check this:

https://rundeck.org/docs/administration/install/system-requirements.html#java

Hope it helps!

[ranjith bannu]

Hi Racuna,

Thank you for the reply.

I am using latest version of java 8 openjdk. Still couldn't able to figure out what causing the problem. 

[rundeck@ip-10-3-1-10 ~]$ java -version 

openjdk version "1.8.0_181"

OpenJDK Runtime Environment (build 1.8.0_181-b13)

OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)