OK, what is stored in the keystore file, privateKeyEntry or trustedCertEntry? It is important for what must be set.
If it is the second type, then something is wrong. You can debug the SSL handshake with the system property javax.net.ssl.debug.
If it is the first type, then the configuration is wrong and the keystore holds the private key of the client. So it is another configuration and other properties for it.
P.V.A. systems s.r.o.
Original Message:
Sent: 02-24-2023 02:16
From: Tony lang
Subject: IO Error when PDI 9.4 connect AWS RDS Oracle 19C
Thanks, Petr
I got the same error. Is there any issue with my code?
if "%PENTAHO_DI_JAVA_OPTIONS%"=="" set PENTAHO_DI_JAVA_OPTIONS="-Xms1024m" "-Xmx2048m"
set PENTAHO_DI_JAVA_OPTIONS="-Djavax.net.ssl.trustStore=C:/Users/Administrator/Desktop/tools/data-integration/clientkeystore.jks" %PENTAHO_DI_JAVA_OPTIONS%
set OPT=%OPT% %PENTAHO_DI_JAVA_OPTIONS% "-Djava.library.path=%LIBSPATH%;%HADOOP_HOME%/bin" %JAVA_ENDORSED_DIRS% %JAVA_LOCALE_COMPAT% "-DKETTLE_HOME=%KETTLE_HOME%" "-DKETTLE_REPOSITORY=%KETTLE_REPOSITORY%" "-DKETTLE_USER=%KETTLE_USER%" "-DKETTLE_PASSWORD=%KETTLE_PASSWORD%" "-DKETTLE_PLUGIN_PACKAGES=%KETTLE_PLUGIN_PACKAGES%" "-DKETTLE_LOG_SIZE_LIMIT=%KETTLE_LOG_SIZE_LIMIT%" "-DKETTLE_JNDI_ROOT=%KETTLE_JNDI_ROOT%"
I can start PDI, but it seems it is not fixed.
Thanks
Tony
------------------------------
Tony lang
Data Service Manager
fil
Original Message:
Sent: 02-22-2023 11:25
From: Petr Prochazka
Subject: IO Error when PDI 9.4 connect AWS RDS Oracle 19C
Hi Tony,
The properties javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword and javax.net.ssl.trustStoreType MUST BE set as system properties. You can set the environment property PENTAHO_DI_JAVA_OPTIONS or modify the Spoon.bat file, for example:
PENTAHO_DI_JAVA_OPTIONS=-Djavax.net.ssl.trustStore=C:/Users/Administrator/Desktop/tools/data-integration/clientkeystore.jks
If the trust store has the password changeit (it's the default in the JVM), then the property javax.net.ssl.trustStorePassword is not required. The store type is the same (default is JKS), so the property javax.net.ssl.trustStoreType is not required.
The property oracle.jdbc.J2EE13Compliant is a system property too; I found this on the Oracle site.
This is the configuration for the trust store of the JVM; it is used for verifying the server side.
The file has the name clientkeystore.jks, so I expect that the client private key/certificate is stored there. And this is used for verifying the client on the server.
------------------------------
Petr Prochazka
Systems Engineer
P.V.A. systems s.r.o.
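Added example (not part of the thread and not Pentaho or Oracle code): the entry-type question Petr raises can be answered from the output of the keytool -list -v command Tony ran. The sample output, the alias "client", the certificate names and the function names below are constructed for illustration; only the alias rds-ap and the entry-type names come from the thread.

```python
import re

# Constructed sample of `keytool -list -v` output (not from the thread):
# one imported CA certificate and one client key pair in the same store.
SAMPLE = """\
Keystore type: JKS
Your keystore contains 2 entries

Alias name: rds-ap
Entry type: trustedCertEntry
Owner: CN=Example RDS Root CA, O=Example, C=US
Issuer: CN=Example RDS Root CA, O=Example, C=US
*******************************************
Alias name: client
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=pdi-client, O=Example, C=US
Issuer: CN=Example Client CA, O=Example, C=US
"""

def parse_entries(text):
    """Split keytool -list -v output into one dict per alias."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        def field(name, block=block):
            m = re.search(rf"(?m)^{name}: (.+)$", block)
            return m.group(1).strip() if m else None
        entries.append({
            "alias": block.splitlines()[0].strip(),
            "type": field("Entry type"),
            "owner": field("Owner"),    # for a key entry: the leaf certificate
            "issuer": field("Issuer"),
        })
    return entries

def diagnose(entries):
    """Summarise what the store holds. A trustedCertEntry is necessary for a
    trust store, but it must still be the CA that signed the server's chain."""
    trusted = [e for e in entries if e["type"] == "trustedCertEntry"]
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"]
    return {
        "has_trusted_cert": bool(trusted),
        "holds_client_key": bool(keys),
        "self_signed_roots": [e["alias"] for e in trusted
                              if e["owner"] == e["issuer"]],
    }

if __name__ == "__main__":
    print(diagnose(parse_entries(SAMPLE)))
```

To check a real store, pass the text printed by keytool -list -v -keystore clientkeystore.jks to parse_entries in place of SAMPLE.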
Original Message:
Sent: 02-22-2023 03:51
From: Tony lang
Subject: IO Error when PDI 9.4 connect AWS RDS Oracle 19C
Thanks Juan
My options are here:

But I got the same error:
IO Error: IO Error sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, Authentication lapse 0 ms.
Is the format correct? Or how do I add this option?
Regards
Tony
------------------------------
Tony lang
Data Service Manager
fil
Original Message:
Sent: 02-20-2023 02:59
From: Juan Sierra Pons
Subject: IO Error when PDI 9.4 connect AWS RDS Oracle 19C
@Tony lang,
Just in case the problem is elsewhere, try setting trustServerCertificate to true in your JNDI and remove the other SSL certificate related options:
trustServerCertificate=true
This will trust the server's certificate and not check anything else. Check if this works.
You can also:
- Check with the same options using another Java-based SQL client like http://www.squirrelsql.org/ and test your options.
- Check with the same options but using the PDI GUI instead
Hope it helps to pinpoint the problem
Best regards
------------------------------
Juan Sierra Pons
Systems Engineer
Juan Sierra Pons
Original Message:
Sent: 02-16-2023 20:49
From: Tony lang
Subject: IO Error when PDI 9.4 connect AWS RDS Oracle 19C
The error message:
IO Error: IO Error sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 113 ms., Authentication lapse 0 ms.
Connection type: Oracle
Access: JNDI
Options:
javax.net.ssl.trustStore=C:/Users/Administrator/Desktop/tools/data-integration/clientkeystore.jks
oracle.jdbc.J2EE13Compliant=true
javax.net.ssl.trustStorePassword=changeit
javax.net.ssl.trustStoreType=JKS
jdbc.properties
AWS_HKDA_DEV/type=javax.sql.DataSource
AWS_HKDA_DEV/driver=oracle.jdbc.driver.OracleDriver
AWS_HKDA_DEV/url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=devrds.*****.sgfilcld)(PORT=11701))(CONNECT_DATA=(SERVICE_NAME=ORACLE)))
AWS_HKDA_DEV/user=******
AWS_HKDA_DEV/password=*******
And the JDBC is ojdbc8.jar
And I imported the RDS key with this:
keytool -import -alias rds-ap -keystore ******
Testing the key should be OK:
keytool -list -v -keystore clientkeystore.jks -storepass "changeit"
Who can help to handle this issue or give me some advice?
Thanks in advance
Tony
------------------------------
Tony lang
Data Service Manager
fil
------------------------------