SSL Error from Melissa Global Address Enricher While Running in Azure Kubernetes
J
Joseph. g. patton
started a topic
2 months ago
Hello All,
My team is working through the move from 3rd party hosting of Semarchy xDM to environments that we have deployed to our Azure subscription. Our hosted environment is through a consulting partner's AWS subscription(app server is running on EC2 VM). Our new app servers are running in an Azure Kubernetes cluster inside my company's Azure subscription. During systems integration testing of the new Azure environments, we are encountering the following error related to the Melissa java plugin(pasted below). I wasn't involved with the initial setup of our Azure environments. Has anyone encountered this error while standing up containerized Semarchy xdM in Azure? Would this be a cert management issue for the semarchy java home, or something that needs to be addressed at the kubernetes cluster?
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Our solution was to run the key tool utility in the Semarchy/tomcat java home and install our root certificate(if just changed it to arbitrary "rootcert.pem" in the example Dockerfile below:
Our solution was to run the key tool utility in the Semarchy/tomcat java home and install our root certificate(if just changed it to arbitrary "rootcert.pem" in the example Dockerfile below:
RUN echo "rootcert.pem" >> /etc/ca-certificates.conf
RUN \
update-ca-certificates && \
for cert in /usr/share/ca-certificates/*.pem; do \
keytool \
-noprompt \
-import \
-trustcacerts \
-storepass whatevz \
-file "$cert" \
-alias $(basename "$cert" .crt) \
-cacerts; \
done
J
Joseph. g. patton
said
about 2 months ago
I was hoping that we were fulling up and running in our new Azure Kubernetes home. The cert error has been addressed, but now we are seeing timeouts from the melissa api:
!MESSAGE An exception has been caught - status: 500 (InternalServerError), logref: fd47ca1a-582d-4bea-8fa9-5950550f4238 (Message reported by logger com.semarchy.mdm.dataui.infra.jaxrs.DataUIExceptionMapper, current authenticated user: 'xxxxx@xxx.com')
!STACK 0
com.semarchy.platform.engine.core.impl.plugin.ApiInvocationException: javax.ws.rs.ProcessingException: java.net.http.HttpTimeoutException: HttpTimeoutException invoking https://address.melissadata.net/V3/WEB/GlobalAddress/doGlobalAddress: request timed out
at com.semarchy.platform.engine.core.impl.plugin.JavaPluginExecutor.transform(JavaPluginExecutor.java:26)
I believe the we have analysts and developers hitting the melissa api directly from their workstations in the office, so I'll start investigating from an app config and azirekubernetes cluster perspective.
Joseph. g. patton
Hello All,
My team is working through the move from 3rd party hosting of Semarchy xDM to environments that we have deployed to our Azure subscription. Our hosted environment is through a consulting partner's AWS subscription(app server is running on EC2 VM). Our new app servers are running in an Azure Kubernetes cluster inside my company's Azure subscription. During systems integration testing of the new Azure environments, we are encountering the following error related to the Melissa java plugin(pasted below). I wasn't involved with the initial setup of our Azure environments. Has anyone encountered this error while standing up containerized Semarchy xdM in Azure? Would this be a cert management issue for the semarchy java home, or something that needs to be addressed at the kubernetes cluster?
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Our solution was to run the key tool utility in the Semarchy/tomcat java home and install our root certificate(if just changed it to arbitrary "rootcert.pem" in the example Dockerfile below:
FROM semarchy/xdm:2024.1.1
USER root
ADD http://rootcert.rootcert.com/rootcert.pem /usr/share/ca-certificates/rootcert.pem
RUN echo "rootcert.pem" >> /etc/ca-certificates.conf
RUN \
update-ca-certificates && \
for cert in /usr/share/ca-certificates/*.pem; do \
keytool \
-noprompt \
-import \
-trustcacerts \
-storepass whatevz \
-file "$cert" \
-alias $(basename "$cert" .crt) \
-cacerts; \
done
- Oldest First
- Popular
- Newest First
Sorted by Oldest FirstJoseph. g. patton
Our solution was to run the key tool utility in the Semarchy/tomcat java home and install our root certificate(if just changed it to arbitrary "rootcert.pem" in the example Dockerfile below:
FROM semarchy/xdm:2024.1.1
USER root
ADD http://rootcert.rootcert.com/rootcert.pem /usr/share/ca-certificates/rootcert.pem
RUN echo "rootcert.pem" >> /etc/ca-certificates.conf
RUN \
update-ca-certificates && \
for cert in /usr/share/ca-certificates/*.pem; do \
keytool \
-noprompt \
-import \
-trustcacerts \
-storepass whatevz \
-file "$cert" \
-alias $(basename "$cert" .crt) \
-cacerts; \
done
Joseph. g. patton
I was hoping that we were fulling up and running in our new Azure Kubernetes home. The cert error has been addressed, but now we are seeing timeouts from the melissa api:
-
xDM Compatibility with Java 17?
-
xDM on Docker
-
How to Upgrade Apache Tomcat?
-
Application Server Gives 404 Error
-
Amazon Aurora support
-
Change Prod Repository Type Without Reinstallation
-
Is It Possible to Import a V5.1.1 Data Model to V5.2.8?
-
"500 Internal Server Error" While Opening with Localhost
-
Enable Access to Azure File Storage?
-
Why am I getting Status 404 -- Not Found Error on Azure?
See all 29 topics