Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Knox gateway JDBC connection to Hive failed. unable to find valid certification path to requested target

New Contributor

Hi,

I'm configuring a knox gateway server following this doc:

https://knox.apache.org/books/knox-1-1-0/user-guide.html#Hive

And I got this error when trying to connect to hive through my knox server using jdbc.

Caught: java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://localhost:8443/;ssl=true;sslTrustStore=/home/user123/knox-0.12.0/data/security/keystores/gateway.jks;trustStorePassword=Ilvsr@001122?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/gateway/sample/hive: Could not create http connection to jdbc:hive2://localhost:8443/;ssl=true;sslTrustStore=/home/user123/knox-0.12.0/data/security/keystores/gateway.jks;trustStorePassword=Ilvsr@001122?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/gateway/sample/hive. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://localhost:8443/;ssl=true;sslTrustStore=/home/user123/knox-0.12.0/data/security/keystores/gateway.jks;trustStorePassword=Ilvsr@001122?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/gateway/sample/hive: Could not create http connection to jdbc:hive2://localhost:8443/;ssl=true;sslTrustStore=/home/user123/knox-0.12.0/data/security/keystores/gateway.jks;trustStorePassword=Ilvsr@001122?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/gateway/sample/hive. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:215) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:163) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java_sql_DriverManager$getConnection.call(Unknown Source) at HiveJDBCSample.run(HiveJDBCSample.groovy:43) at org.apache.hadoop.gateway.shell.Shell.main(Shell.java:56) at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70) at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39) at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99) at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69) at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46) Caused by: org.apache.thrift.transport.TTransportException: Could not create http connection to jdbc:hive2://localhost:8443/;ssl=true;sslTrustStore=/home/user123/knox-0.12.0/data/security/keystores/gateway.jks;trustStorePassword=Ilvsr@001122?hive.server2.transport.mode=http;hive.server2.thrift.http.path=/gateway/sample/hive. javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.hive.jdbc.HiveConnection.createHttpTransport(HiveConnection.java:257) at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:187) ... 10 more Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:281) at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:297) at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:65) at org.apache.hive.service.cli.thrift.TCLIService$Client.send_OpenSession(TCLIService.java:150) at org.apache.hive.service.cli.thrift.TCLIService$Client.OpenSession(TCLIService.java:142) at org.apache.hive.jdbc.HiveConnection.createHttpTransport(HiveConnection.java:249) ... 11 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:117) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:235) ... 16 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... 26 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... 26 more

The instruction in the doc tells that a self-signed certificate should be generated but still pop up with the error.

Please help me. Thanks!

0 REPLIES 0