Hadoop Distcp to HCP or AWS S3a leading to Error - com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed
Running Hadoop Distcp to copy data from S3a resulted in below error -
**com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
Stack trace:
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1114) ~[aws-java-sdk-core-1.11.280.jar!/:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1064) ~[aws-java-sdk-core-1.11.280.jar!/:?]
To debug this error, turn SSL debug logging on -Djavax.net.debug=all, or -Djavax.net.debug=ssl
Above parameters can be set in Java options like below -
export _JAVA_OPTIONS="-Djava.io.tmpdir=/mydir/tmp -Djavax.net.debug=ssl"
Solution
- Disable SSL check by setting following in Java Options -
- -Dcom.amazonaws.sdk.disableCertChecking=true
- Above option is not good to disable SSL check. So, we should find Java Keystore and import certification of fs.s3a.endpoint certificate into same. Command to import certificate -
- keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
Comments
Post a Comment