Heroku Postgres

Posted by mlavigne on 23-Feb-2016 22:41

I am trying to connect to my Cloud Postgres hosted on Heroku and I keep getting.

SSL handshake failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Anyone have any ideas?

DataDirect Connect - Forum

All Replies

Posted by Jayakhanna P (JK) on 24-Feb-2016 07:51

Please check the below link.

stackoverflow.com/.../resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore

Posted by mlavigne on 24-Feb-2016 09:25

I don't have access to the certificate libraries on either side as both products are cloud based offerings (DataDirectCloud & Heroku Postgres).

Posted by jhobson on 25-Feb-2016 06:03

The D2C Service is making an SSL connection to your Heroku database, but cannot validate the Heroku server certificate, probably because it's a self-signed certificate. You can work-around this problem by disabling server certificate validation. On the Advanced tab for your data source, put validateServerCertificate=false into the Extended Options box.

NOTE: Disabling server certificate validation opens a serious security hole by allowing man in the middle attacks.  This is likely acceptable for test environments, but it is highly recommended that a server certificate issued by a recognized certificate authority be used in production environments.

Posted by amrish.singh@jibeconsulting.com on 06-Mar-2016 12:02

Sumit
 
Thanks for Quick response. I am following your webcast which you have posted along with Oracle A Team for Universal Cloud Applications Adaptor for ODI.
 
I am able to do most of the steps. But When I trying to test the connection for Eloqua Data Server with newly created ODI Technology “Cloud_Application” using Datadirect driver.
I am getting following error.
 
Though, I am able to test the connection successfully using “testforJDBC” utility guys have provided with driver.
 
 
 
 
 
 
oracle.odi.runtime.agent.invocation.InvocationException: oracle.odi.core.exception.OdiRuntimeException: java.sql.SQLException: [DataDirect][JDBC Cloud driver]sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at oracle.odi.runtime.agent.invocation.RemoteRuntimeAgentInvoker.invoke(RemoteRuntimeAgentInvoker.java:437)
                at oracle.odi.runtime.agent.invocation.support.InternalRemoteRuntimeAgentInvoker.invoke(InternalRemoteRuntimeAgentInvoker.java:162)
                at oracle.odi.runtime.agent.invocation.RemoteRuntimeAgentInvoker.invokeTestDataServer(RemoteRuntimeAgentInvoker.java:1116)
                at com.sunopsis.graphical.dialog.SnpsDialogTestConnet.remoteTestConn(SnpsDialogTestConnet.java:605)
                at com.sunopsis.graphical.dialog.SnpsDialogTestConnet.access$600(SnpsDialogTestConnet.java:62)
                at com.sunopsis.graphical.dialog.SnpsDialogTestConnet$9.doInBackground(SnpsDialogTestConnet.java:563)
                at oracle.odi.ui.framework.AbsUIRunnableTask.run(AbsUIRunnableTask.java:258)
                at oracle.ide.dialogs.ProgressBar.run(ProgressBar.java:961)
                at java.lang.Thread.run(Thread.java:745)
 
 
Please let me know if I am doing something wrong here.
 
Thanks
Amrish
 

Posted by amrish.singh@jibeconsulting.com on 06-Mar-2016 12:18

Also, I was looking for Advanced tab in data Sources tab of Datadirect Cloud. As johbson mentioned a work around for similar issue user was facing for Heroku database.
 
You can work-around this problem by disabling server certificate validation. On the Advanced tab for your data source, put validateServerCertificate=false into the Extended Options box”
 
 
Thanks
Amrish
 

Posted by Mark Biamonte on 06-Mar-2016 18:04

You are correct, the Eloqua data source does not have an advanced tab.  You should not need to disable certificate validation for Eloqua.  The Eloqua service uses a certificate from a well know Certificate Authority the DataDirect Cloud trusts.  In the Postgres Issue above the Postgres server was configured with a self signed certificate that  Cloud  does not trust.

I am not real familiar with Oracle ODI, but from the error message, it looks like ODI is configured with a truststore that does not recognize the certificate the DataDirect Cloud service is returning.  If someone more familiar with ODI does not reply, I will see if I can find more configuration info for using SSL with ODI.

Posted by amrish.singh@jibeconsulting.com on 08-Mar-2016 12:28

Thanks Mark
 
After some research I found out that ODI 12c Version have option to provide client’s keystore and Password (see screen shot below). If I am not wrong in this case the client would be Datadirect cloud.
 
 
If you think this is correct then can you please help me with datadirect Keystore, Password & Private Key Passowrd.
 
 
 
Thanks
Amrish
 

Posted by Mark Biamonte on 08-Mar-2016 15:57

In most cases we just use the default keystore that comes with the Java VM, although I have only used Oracle's Hotspot JVM.  In the Oracle JVM the default keystore file is located at <JAVA_HOME>\jre\lib\security\cacerts and the password for the file is changeit.  

I notice the "Append default_CA certificates" checkbox on the screen shot.  I would think that would cause the CA certificates in the default keystore mentioned above to be included.  Maybe this is using something other than the Oracle Hotspot JVM and the default keystore for the JVM does not have the Global Sign CA certificates?  

Posted by Sumit Sarkar on 12-Mar-2016 01:52

I discussed this with the ODI product team and the issue does not seem specific to DataDirect Cloud. If still having issues, can you raise your question on this forum? community.oracle.com/.../data_integrator

This thread is closed