I am trying to connect to my Cloud Postgres hosted on Heroku and I keep getting.
SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Anyone have any ideas?
Please check the below link.
I don't have access to the certificate libraries on either side as both products are cloud based offerings (DataDirectCloud & Heroku Postgres).
The D2C Service is making an SSL connection to your Heroku database, but cannot validate the Heroku server certificate, probably because it's a self-signed certificate. You can work-around this problem by disabling server certificate validation. On the Advanced tab for your data source, put validateServerCertificate=false into the Extended Options box.
NOTE: Disabling server certificate validation opens a serious security hole by allowing man in the middle attacks. This is likely acceptable for test environments, but it is highly recommended that a server certificate issued by a recognized certificate authority be used in production environments.
You are correct, the Eloqua data source does not have an advanced tab. You should not need to disable certificate validation for Eloqua. The Eloqua service uses a certificate from a well know Certificate Authority the DataDirect Cloud trusts. In the Postgres Issue above the Postgres server was configured with a self signed certificate that Cloud does not trust.
I am not real familiar with Oracle ODI, but from the error message, it looks like ODI is configured with a truststore that does not recognize the certificate the DataDirect Cloud service is returning. If someone more familiar with ODI does not reply, I will see if I can find more configuration info for using SSL with ODI.
In most cases we just use the default keystore that comes with the Java VM, although I have only used Oracle's Hotspot JVM. In the Oracle JVM the default keystore file is located at <JAVA_HOME>\jre\lib\security\cacerts and the password for the file is changeit.
I notice the "Append default_CA certificates" checkbox on the screen shot. I would think that would cause the CA certificates in the default keystore mentioned above to be included. Maybe this is using something other than the Oracle Hotspot JVM and the default keystore for the JVM does not have the Global Sign CA certificates?
I discussed this with the ODI product team and the issue does not seem specific to DataDirect Cloud. If still having issues, can you raise your question on this forum? community.oracle.com/.../data_integrator
Check out my world famous blog on data connectivity