Heroku Postgres - Forum - DataDirect Connect - Progress Community

Heroku Postgres

This question is not answered

I am trying to connect to my Cloud Postgres hosted on Heroku and I keep getting:

SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Anyone have any ideas?

All Replies
  • Please check the below link.

    stackoverflow.com/.../resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore

  • I don't have access to the certificate libraries on either side as both products are cloud based offerings (DataDirectCloud & Heroku Postgres).

  • The D2C Service is making an SSL connection to your Heroku database, but cannot validate the Heroku server certificate, probably because it's a self-signed certificate. You can work around this problem by disabling server certificate validation. On the Advanced tab for your data source, put validateServerCertificate=false into the Extended Options box.

    NOTE: Disabling server certificate validation opens a serious security hole by allowing man-in-the-middle attacks. This is likely acceptable for test environments, but it is highly recommended that a server certificate issued by a recognized certificate authority be used in production environments.

  • Sumit
     
    Thanks for the quick response. I am following your webcast which you have posted along with Oracle A Team for Universal Cloud Applications Adaptor for ODI.

    I am able to do most of the steps. But when I try to test the connection for the Eloqua Data Server with the newly created ODI Technology “Cloud_Application” using the DataDirect driver, I get the following error.

    Though, I am able to test the connection successfully using the “testforJDBC” utility you guys have provided with the driver.

    oracle.odi.runtime.agent.invocation.InvocationException: oracle.odi.core.exception.OdiRuntimeException: java.sql.SQLException: [DataDirect][JDBC Cloud driver]sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                    at oracle.odi.runtime.agent.invocation.RemoteRuntimeAgentInvoker.invoke(RemoteRuntimeAgentInvoker.java:437)
                    at oracle.odi.runtime.agent.invocation.support.InternalRemoteRuntimeAgentInvoker.invoke(InternalRemoteRuntimeAgentInvoker.java:162)
                    at oracle.odi.runtime.agent.invocation.RemoteRuntimeAgentInvoker.invokeTestDataServer(RemoteRuntimeAgentInvoker.java:1116)
                    at com.sunopsis.graphical.dialog.SnpsDialogTestConnet.remoteTestConn(SnpsDialogTestConnet.java:605)
                    at com.sunopsis.graphical.dialog.SnpsDialogTestConnet.access$600(SnpsDialogTestConnet.java:62)
                    at com.sunopsis.graphical.dialog.SnpsDialogTestConnet$9.doInBackground(SnpsDialogTestConnet.java:563)
                    at oracle.odi.ui.framework.AbsUIRunnableTask.run(AbsUIRunnableTask.java:258)
                    at oracle.ide.dialogs.ProgressBar.run(ProgressBar.java:961)
                    at java.lang.Thread.run(Thread.java:745)
     
     
    Please let me know if I am doing something wrong here.
     
    Thanks
    Amrish
     
  • Also, I was looking for the Advanced tab in the Data Sources tab of DataDirect Cloud, as johbson mentioned a workaround for a similar issue a user was facing with a Heroku database:

    “You can work around this problem by disabling server certificate validation. On the Advanced tab for your data source, put validateServerCertificate=false into the Extended Options box”
     
     
    Thanks
    Amrish
     
  • You are correct, the Eloqua data source does not have an advanced tab. You should not need to disable certificate validation for Eloqua. The Eloqua service uses a certificate from a well-known Certificate Authority that DataDirect Cloud trusts. In the Postgres issue above, the Postgres server was configured with a self-signed certificate that Cloud does not trust.

    I am not real familiar with Oracle ODI, but from the error message, it looks like ODI is configured with a truststore that does not recognize the certificate the DataDirect Cloud service is returning.  If someone more familiar with ODI does not reply, I will see if I can find more configuration info for using SSL with ODI.

  • Thanks Mark
     
    After some research I found out that the ODI 12c version has an option to provide the client’s keystore and password (see screenshot below). If I am not wrong, in this case the client would be DataDirect Cloud.

    If you think this is correct, then can you please help me with the DataDirect Keystore, Password & Private Key Password.
     
     
     
    Thanks
    Amrish
     
  • In most cases we just use the default keystore that comes with the Java VM, although I have only used Oracle's Hotspot JVM.  In the Oracle JVM the default keystore file is located at <JAVA_HOME>\jre\lib\security\cacerts and the password for the file is changeit.  

    I notice the "Append default_CA certificates" checkbox on the screen shot.  I would think that would cause the CA certificates in the default keystore mentioned above to be included.  Maybe this is using something other than the Oracle Hotspot JVM and the default keystore for the JVM does not have the Global Sign CA certificates?  
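
The question raised in the reply above, whether the JVM in use actually has the GlobalSign CA certificates in its default trust store, can be checked directly. This is an added example, not part of the original thread or of DataDirect or ODI code; the class name `TrustAnchorCheck` and the default search string are assumptions. Run it with the same JVM (and the same `-Djavax.net.ssl.trustStore` setting, if any) that the failing client uses.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic: lists trust anchors matching a name in the JVM's effective trust store.
public class TrustAnchorCheck {

    // Returns the trust anchors whose subject DN contains `needle` (case-insensitive).
    static List<X509Certificate> findAnchors(String needle) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the JVM default: javax.net.ssl.trustStore if set,
        // otherwise jssecacerts or cacerts under the runtime's lib/security directory.
        tmf.init((KeyStore) null);
        List<X509Certificate> hits = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                String dn = ca.getSubjectX500Principal().getName();
                if (dn.toLowerCase().contains(needle.toLowerCase())) hits.add(ca);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String needle = args.length > 0 ? args[0] : "GlobalSign"; // assumed default
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(not set, JVM default)"));
        List<X509Certificate> hits = findAnchors(needle);
        if (hits.isEmpty()) {
            System.out.println("No trust anchor matching \"" + needle + "\"");
            System.exit(1);
        }
        Date now = new Date();
        for (X509Certificate ca : hits) {
            // An expired anchor fails path validation just like a missing one.
            String state = now.after(ca.getNotAfter()) ? "EXPIRED" : "valid";
            System.out.println(state + " until " + ca.getNotAfter() + "  "
                + ca.getSubjectX500Principal().getName());
        }
    }
}
```

If the anchor is missing or expired, importing the issuing CA certificate into the trust store the client uses keeps certificate validation enabled, unlike `validateServerCertificate=false`.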

  • I discussed this with the ODI product team and the issue does not seem specific to DataDirect Cloud. If still having issues, can you raise your question on this forum? community.oracle.com/.../data_integrator
