Content
The Denodo Platform supports SSL connections between the VDP server and VDP Administration tool. After enabling SSL for the VDP Server, it is necessary to specify the location of the trust store in the configuration of VDP Administration tool in order to enable SSL connections between VDP Server and the VDP Administration tool.
Sometimes, the following error is displayed when trying to login to an SSL enabled VDP Server when using the VDP Administration tool:
Cannot trust the server to establish a SSL connection
To fix this error there are two alternatives:
Copying the trustStore used by the VDP Server
In order to fix this error the Administrator of the Denodo Server should copy the file “cacerts” from <DENODO_HOME>/jre/lib/security/ to the installation folder of the client tool
<DENODO_CLIENT>/jre/lib/security/, replacing the existing file.
This approach avoids the modification of VDBAdminConfiguration.properties file located in <DENODO_HOME>/conf/vdp-admin/. The file “cacerts” should have the public key of the VDP server imported into it.
Adding the VDP Server certificate to the trustStore used by the VDP Admin Tool
Another alternative that allows the VDP Administration Tool to connect to different servers is importing the VDP server certificate into the default trustStore used by the VDP Administration Tool. This default trustStore is located in the local folder of the client machine where the tool is installed in the path: <DENODO_CLIENT>/jre/lib/security/cacerts.
In order to import the certificate of the server in the VDP Admin Tool installation the following command must be used:
<DENODO_CLIENT>\jre\bin\keytool -importcert -alias <CERTIFICATE_ALIAS> -file <CERTIFICATE_FILE.cer> -keystore <DENODO_CLIENT>\jre\lib\security\cacerts -storepass "changeit" -noprompt
Ensure the <CERTIFICATE_ALIAS> and <CERTIFICATE_FILE.cer> match with the certificate alias and the certificate file name used in the VDP server configuration.
Older versions
In Denodo Platform 7.0 and Denodo Platform 6.0 (since the update “denodo-v60-update-20160905”), the following error is seen when trying to login to an SSL enabled VDP Server. Follow the same process as described for Denodo 9.0 to resolve the error.
Cannot trust the server to establish the SSL connection
For other older versions (Denodo 6.0 prior to update “denodo-v60-update-20160905” and versions 5.5 or older), the below error message appears:
connection error: sun.security.validator.ValidatorException:
PIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested targetK
To overcome this error, apart from following the previous instructions for adding the server certificate to the trustStore of the client, the ‘VDBAdminConfiguration.properties’ file found in the '<DENODO_HOME>/conf/vdp-admin/' folder should be edited, by uncommenting the below line and making sure a valid path for the trust store is specified for it (by default <DENODO_HOME>/jre/lib/security/cacerts).
com.denodo.security.ssl.trustStore=
Note that this setting has to be changed for any VDP Administration tool (local or remote) that needs to be connected to the VDP server.
References
The information provided in the Denodo Knowledge Base is intended to assist our users in advanced uses of Denodo. Please note that the results from the application of processes and configurations detailed in these documents may vary depending on your specific environment. Use them at your own discretion.
For an official guide of supported features, please refer to the User Manuals. For questions on critical systems or complex environments we recommend you to contact your Denodo Customer Success Manager.
Recommended resources
Questions
