Pentaho

 View Only

 Pentaho Rest API SSL is not available

  • Pentaho
  • Kettle
  • Pentaho
  • Pentaho Data Integration PDI
Data Conversion's profile image
Data Conversion posted 02-22-2018 07:32

In Pentaho Rest API, I've tried using SSL config with my pfx file or jks file, but it was not useful and return 403.

1)OpenSSL is installed

2)I'm sure that the API can work because is can response with another way(asp.net C# and post man can work) but not kettle spoon.

 

So what’s wrong with it?

PS: data integration version 7.1 or 8.0

 

Thank you

 

qq%e5%9b%be%e7%89%8720180222153032


#PentahoDataIntegrationPDI
#Kettle
#Pentaho
Diego Mainou's profile image
Diego Mainou posted 02-23-2018 09:39

Hi,

Can you please elaborate a bit more?

Are you using Pentaho pdi to connect to Pentaho BA/DI server? Or some other api.

You probably don't need to ssh BUT simply perform an http call.

Data Conversion's profile image
Data Conversion posted 02-23-2018 17:04

I have a web service that I can consume using CURL[1] with proper certificates I am using the pentahotest.pem.priv for client side authentication. I am trying to use REST client to query the service. On the REST Client's step SSL tab 2 fields can be filled: * Trust store file * Trust store password AFAIK trust store file is only used for third parties servers authentication and not for client side authentication. ShowBox Lucky Patcher Kodi

[2] Then question is: Can I use Pentaho Kettle to query web services that use SSL client side certificates?

Diego Mainou's profile image
Diego Mainou posted 02-26-2018 17:51

The answer is yes.

My recommendation (which is what I hear my st engineer say over and over) is that you first try with the bare bones case then simply fill the boxes (or prior steps right). Please try your call using postman. Once you know it works there, from the machine you will be making the call then build an etl that mimics the behaviour. You may need to build the call first and then pass it with the http step (rather than the rest step).

David Martinez's profile image
David Martinez posted 04-25-2019 08:04

Similar behavior here,

  • PDI versons 7.1 and 8.0.
  • Trying to connect to third party's api.
  • Running in a server with no root rights

We have a .cert file with the needed certificate, and created brand new keystore file using keytool command.

  • keytool -import -trustcacerts -keystore newKeystore -storepass changeit -alias api.domain.com -file certificate.cer  -noprompt

JKS file was configured in SSL tab but nothing changes, same error was thrown:

  • javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

we repeated the process, this time in a local machine, adding .cert file to default Java keystore file (root needed, so no possible in production environment, but we did it anyway with test purposes)

  • keytool -import -trustcacerts -keystore ${JAVA_PATH}\jre\lib\security\cacerts -storepass changeit -alias api.domain.com -file certificate.cer -noprompt

Transformation runned and works like a charm, but still not working when setted newKeystore file in SSL tab (of course, cert was deleted from default Java keystore before doing the second test)

Has anyone ever made it work?

Nikunj Lotia's profile image
Nikunj Lotia posted 02-25-2023 10:59

Did anyone find any potential solution for this issue?

Related Content