https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322455#M228791 <P>&nbsp;</P><P>I have installed Nifi locally and&nbsp;recieved the below error, could some one please let me know what need to be done.&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="midee_0-1628763549997.jpeg" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/32060iDC407D120FF51BB4/image-size/medium?v=v2&amp;px=400" role="button" title="midee_0-1628763549997.jpeg" alt="midee_0-1628763549997.jpeg" /></span></P><P>&nbsp;</P><P>It would be great help if provided in detailed.</P><P>thanks!</P> Thu, 12 Aug 2021 10:19:30 GMT midee 2021-08-12T10:19:30Z https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322455#M228791 <P>&nbsp;</P><P>I have installed Nifi locally and&nbsp;recieved the below error, could some one please let me know what need to be done.&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="midee_0-1628763549997.jpeg" style="width: 400px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/32060iDC407D120FF51BB4/image-size/medium?v=v2&amp;px=400" role="button" title="midee_0-1628763549997.jpeg" alt="midee_0-1628763549997.jpeg" /></span></P><P>&nbsp;</P><P>It would be great help if provided in detailed.</P><P>thanks!</P> Thu, 12 Aug 2021 10:19:30 GMT https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322455#M228791 midee 2021-08-12T10:19:30Z https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322531#M228836 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/87710">@midee</a>&nbsp;</P><P>&nbsp;</P><P>Not a lot of details in your question here, but the exception:</P><LI-CODE lang="markup">SunCertPathBuilderException: unable to find valid certification path to requested target</LI-CODE><P>is telling you that the trust could not be determined in the TLS handshake that occurred between client and server.<BR /><BR />Essentially this means that yoru truststore did not contain all the necessary TrustedCertEntries.<BR />The complete trust chain must exist in the truststore.<BR /><BR />Lets say you have Certificate "cert-X" signed by Certificate Authority (CA) "CA-A".<BR /><BR />Owner: CN=cert-X, OU=test<BR />Issuer: CN=CA-A, OU=CA-intermediate<BR /><BR />Then that CA "CA-A" was signed by another CA "CA-root"<BR />Owner:&nbsp;CN=CA-A, OU=CA-intermediate<BR />Issuer:&nbsp;CN=CA-root, OU=CA-root<BR /><BR />Then the CA "CA-root" is signed by itself:<BR />Owner:&nbsp;CN=CA-root, OU=CA-root<BR />Issuer:&nbsp;CN=CA-root, OU=CA-root<BR /><BR />So in order to trust the certificate&nbsp;CN=cert-X, OU=test, the truststore would need to contain the complete trust chain meaning it would need to have a TrustedCertEntry for both "CA-A" and "CA-root"<BR /><BR />There may even be more CAs in that trust chain.&nbsp; You need every public cert for each ca all the way to the root CA (owner and issuer the same) to have complete trust chain.<BR /><BR />A mutual TLS handshake would require trust in both directions.<BR />Clients certificate must be trusted by server and server's certificate must be trusted by client.<BR /><BR />In a 1-way TLS handshake you only need trust in one direction.<BR />Client must be able to trust server's certificate only since client would not be sending a certificate to the server.<BR /><BR />If you found this response addressed yoru query, please take a moment to login and click "Accept as Solution".<BR /><BR />Thank you,</P><P>Matt</P> Fri, 13 Aug 2021 15:06:17 GMT https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322531#M228836 MattWho 2021-08-13T15:06:17Z https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322843#M228945 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/87710">@midee</a>&nbsp;Have you resolved your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mark as solution button" style="width: 331px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/5960i4EC112CCAAC11427/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2019-08-06 at 1.54.47 PM.png" alt="Screen Shot 2019-08-06 at 1.54.47 PM.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 19 Aug 2021 20:41:53 GMT https://community.cloudera.com/t5/Support-Questions/PKIX-path-building-failed/m-p/322843#M228945 cjervis 2021-08-19T20:41:53Z