You can translate the document:

Content

The Denodo Platform supports SSL connections between the VDP server and VDP Administration tool. After enabling SSL for the VDP Server, it is necessary to specify the location of the trust store in the configuration of VDP Administration tool in order to enable SSL connections between VDP Server and the VDP Administration tool.

In Denodo Platform 8.0, the following error is displayed when trying to login to an SSL enabled VDP Server:

Cannot trust the server to establish a SSL connection

To fix this error there are two alternatives:

Copying the trustStore used by the VDP Server

In order to fix this error the Administrator of the Denodo Server should copy the file “cacerts” from <DENODO_HOME>/jre/lib/security/ to the installation folder of the client tool

<DENODO_CLIENT>/jre/lib/security/, replacing the existing file.

This approach avoids the modification of VDBAdminConfiguration.properties file located in <DENODO_HOME>/conf/vdp-admin/. The file “cacerts” should have the public key of the VDP server imported into it.

Adding the VDP Server certificate to the trustStore used by the VDP Admin Tool

Another alternative that allows the VDP Administration Tool to connect to different servers is importing the VDP server certificate into the default trustStore used by the VDP Administration Tool. This default trustStore is located in the local folder of the client machine where the tool is installed in the path: <DENODO_CLIENT>/jre/lib/security/cacerts.

In order to import the certificate of the server in the VDP Admin Tool installation the following command must be used:

<DENODO_CLIENT>\jre\bin\keytool -importcert -alias <CERTIFICATE_ALIAS> -file <CERTIFICATE_FILE.cer> -keystore <DENODO_CLIENT>\jre\lib\security\cacerts -storepass "changeit" -noprompt

Ensure the <CERTIFICATE_ALIAS> and <CERTIFICATE_FILE.cer> match with the certificate alias and the certificate file name used in the VDP server configuration.

Older versions

In Denodo Platform 7.0 and Denodo Platform 6.0 (since the update “denodo-v60-update-20160905”), the following error is seen when trying to login to an SSL enabled VDP Server. Follow the same process as described for Denodo 8.0 to resolve the error.

Cannot trust in the server to establish the SSL connection

For other older versions (Denodo 6.0 prior to update “denodo-v60-update-20160905” and versions 5.5 or older), the below error message appears:

connection error: sun.security.validator.ValidatorException:

PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException:

unable to find valid certification path to requested target

pkix_error.png

To overcome this error, apart from following the previous instructions for adding the server certificate to the trustStore of the client, the ‘VDBAdminConfiguration.properties’ file found in the '<DENODO_HOME>/conf/vdp-admin/' folder should be edited, by uncommenting the below line and making sure a valid path for the trust store is specified for it (by default <DENODO_HOME>/jre/lib/security/cacerts).

com.denodo.security.ssl.trustStore=

Note that this setting has to be changed for any VDP Administration tool (local or remote) that needs to be connected to the VDP server.

References

Denodo Platform Installation Guide: Obtaining and Installing a SSL/TLS Certificate

Denodo Platform Installation Guide: Enabling SSL in Denodo Platform Tools

Questions

Ask a question

You must sign in to ask a question. If you do not have an account, you can register here