https://community.cloudera.com/t5/Support-Questions/NiFi-Slack-Integration-issue-1-26-0/m-p/389797#M247088 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110342">@Vikas-Nifi</a>&nbsp;<BR /><BR />the following error is directly related to failure to establish certificate trust in the TLS exchange between NiFi's putSlack processor and your slack server:</P><LI-CODE lang="markup">javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "</LI-CODE><P><BR />The putSlack processor utilizes the StandardRestrictedSSLContextService to define keystore and truststore files the putSlack processor will use.&nbsp; The truststore must contain the complete trustchain for the target slack server's serverAuth certificate.<BR /><BR />You can use:</P><LI-CODE lang="markup">openssl s_client -connect &lt;companyName.slack.com&gt;:443 -showcerts</LI-CODE><P>to get an output of all public certs included with the serverAuth cert.<BR /><BR />I noticed with my slack endpoint that was not the complete trust chain (root CA certificate for&nbsp;<SPAN>ISRG Root X1 was missing from the chain).<BR /><BR />You can download the missing rootCA public cert directly from let's encrypt and add it to the truststore set in the StandardRestrictedSSLContextService.<BR /><BR /><A href="https://letsencrypt.org/certificates/" target="_blank">https://letsencrypt.org/certificates/</A><BR /><BR /><A href="https://letsencrypt.org/certs/isrgrootx1.pem" target="_blank">https://letsencrypt.org/certs/isrgrootx1.pem</A><BR /><A href="https://letsencrypt.org/certs/isrg-root-x2.pem" target="_blank">https://letsencrypt.org/certs/isrg-root-x2.pem</A><BR /><BR />You might also want to make sure all intermediate CAs are also added and not just the intermediate returned by the openssl command just in case server changes that you get directed to.</SPAN></P><P>Please help our community grow. If you found<SPAN>&nbsp;</SPAN><STRONG>any</STRONG><SPAN>&nbsp;</SPAN>of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "<SPAN><EM><STRONG><FONT color="#FF0000">Accept as Solution</FONT></STRONG></EM>" on&nbsp;<STRONG>one or more</STRONG>&nbsp;of them that helped.</SPAN></P><P><SPAN>Thank you,<BR />Matt</SPAN></P><P><SPAN><BR /><BR /></SPAN></P> Tue, 02 Jul 2024 14:33:19 GMT MattWho 2024-07-02T14:33:19Z https://community.cloudera.com/t5/Support-Questions/NiFi-Slack-Integration-issue-1-26-0/m-p/389627#M247023 <P><SPAN>Hi,</SPAN></P><P><SPAN>Getting below error while calling Slack channel from Nifi. Used putSlack Processor.</SPAN></P><P><STRONG><EM>"o.apache.nifi.processors.slack.PutSlack : Failed to open connection</EM></STRONG><BR /><STRONG><EM>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "</EM></STRONG></P><P>I have added slack cert in to my truststore.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Slack-Cert.png" style="width: 323px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/41056iFE62E5B6F0425619/image-dimensions/323x288?v=v2" width="323" height="288" role="button" title="Slack-Cert.png" alt="Slack-Cert.png" /></span></P><P><SPAN>I am trying to get it tested in local (haven't deployed in to environment server). Added the channel name and webhookURL&nbsp; (which generated under "companyName.slack.com")&nbsp;</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="putSlack.png" style="width: 463px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/41057i6CBA685EC516987E/image-dimensions/463x258?v=v2" width="463" height="258" role="button" title="putSlack.png" alt="putSlack.png" /></span></SPAN></P><P><SPAN>Is there anything i need to add it in local truststore to work?.</SPAN></P><P><SPAN>Please help</SPAN></P><P><SPAN><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35454">@MattWho</a>&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/80381">@SAMSAL</a>&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/103151">@cotopaul</a>&nbsp;</SPAN></P><P>&nbsp;</P> Wed, 26 Jun 2024 13:23:41 GMT https://community.cloudera.com/t5/Support-Questions/NiFi-Slack-Integration-issue-1-26-0/m-p/389627#M247023 Vikas-Nifi 2024-06-26T13:23:41Z https://community.cloudera.com/t5/Support-Questions/NiFi-Slack-Integration-issue-1-26-0/m-p/389797#M247088 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110342">@Vikas-Nifi</a>&nbsp;<BR /><BR />the following error is directly related to failure to establish certificate trust in the TLS exchange between NiFi's putSlack processor and your slack server:</P><LI-CODE lang="markup">javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target "</LI-CODE><P><BR />The putSlack processor utilizes the StandardRestrictedSSLContextService to define keystore and truststore files the putSlack processor will use.&nbsp; The truststore must contain the complete trustchain for the target slack server's serverAuth certificate.<BR /><BR />You can use:</P><LI-CODE lang="markup">openssl s_client -connect &lt;companyName.slack.com&gt;:443 -showcerts</LI-CODE><P>to get an output of all public certs included with the serverAuth cert.<BR /><BR />I noticed with my slack endpoint that was not the complete trust chain (root CA certificate for&nbsp;<SPAN>ISRG Root X1 was missing from the chain).<BR /><BR />You can download the missing rootCA public cert directly from let's encrypt and add it to the truststore set in the StandardRestrictedSSLContextService.<BR /><BR /><A href="https://letsencrypt.org/certificates/" target="_blank">https://letsencrypt.org/certificates/</A><BR /><BR /><A href="https://letsencrypt.org/certs/isrgrootx1.pem" target="_blank">https://letsencrypt.org/certs/isrgrootx1.pem</A><BR /><A href="https://letsencrypt.org/certs/isrg-root-x2.pem" target="_blank">https://letsencrypt.org/certs/isrg-root-x2.pem</A><BR /><BR />You might also want to make sure all intermediate CAs are also added and not just the intermediate returned by the openssl command just in case server changes that you get directed to.</SPAN></P><P>Please help our community grow. If you found<SPAN>&nbsp;</SPAN><STRONG>any</STRONG><SPAN>&nbsp;</SPAN>of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "<SPAN><EM><STRONG><FONT color="#FF0000">Accept as Solution</FONT></STRONG></EM>" on&nbsp;<STRONG>one or more</STRONG>&nbsp;of them that helped.</SPAN></P><P><SPAN>Thank you,<BR />Matt</SPAN></P><P><SPAN><BR /><BR /></SPAN></P> Tue, 02 Jul 2024 14:33:19 GMT https://community.cloudera.com/t5/Support-Questions/NiFi-Slack-Integration-issue-1-26-0/m-p/389797#M247088 MattWho 2024-07-02T14:33:19Z