0

I'm using Java SDK for Kusto (Azure Data Explorer).

<groupId>com.microsoft.azure.kusto</groupId>
<artifactId>kusto-data</artifactId>
<version>5.0.3</version>

I'm connecting to kusto with an aad app registration and when I'm trying to execute a query I'm getting this error:

com.microsoft.azure.kusto.data.exceptions.DataServiceException: IOException when trying to retrieve cluster metadata:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.microsoft.azure.kusto.data.auth.CloudInfo.lambda$retrieveCloudInfoForCluster$0(CloudInfo.java:108)
    at com.microsoft.azure.kusto.data.ExponentialRetry.execute(ExponentialRetry.java:39)
    at com.microsoft.azure.kusto.data.auth.CloudInfo.retrieveCloudInfoForCluster(CloudInfo.java:100)
    at com.microsoft.azure.kusto.data.auth.CloudDependentTokenProviderBase.lambda$initialize$0(CloudDependentTokenProviderBase.java:38)
    at com.microsoft.azure.kusto.data.instrumentation.MonitoredActivity.invoke(MonitoredActivity.java:33)
    at com.microsoft.azure.kusto.data.auth.CloudDependentTokenProviderBase.initialize(CloudDependentTokenProviderBase.java:37)
    at com.microsoft.azure.kusto.data.auth.TokenProviderBase.acquireAccessToken(TokenProviderBase.java:30)
    at com.microsoft.azure.kusto.data.ClientImpl.generateIngestAndCommandHeaders(ClientImpl.java:405)
    at com.microsoft.azure.kusto.data.ClientImpl.executeToJsonResult(ClientImpl.java:213)
    at com.microsoft.azure.kusto.data.ClientImpl.executeImpl(ClientImpl.java:173)
    at com.microsoft.azure.kusto.data.ClientImpl.lambda$execute$0(ClientImpl.java:122)
    at com.microsoft.azure.kusto.data.instrumentation.MonitoredActivity.invoke(MonitoredActivity.java:33)
    at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:121)
    at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:116)
    at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:111)

I tried to add microsoft ca certificates to my JDK using keytool but it didn't help. I'm still not able to perform the query and I don't understand why.

1

1 Answer 1

0

com.microsoft.azure.kusto.data.exceptions.DataServiceException: IOException when trying to retrieve cluster metadata: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

According to this SO-Answer by Theri Muthu Selvam:

  • This problem primarily arises because the application within our system, designed to safeguard against security breaches, is blocking the request.
  • You can ignore the error while querying Kusto with the Java SDK. You need to import the SSL certificate to the default Java keystore. The default Java keystore typically already has all the CA root certificates. However, there might be some exceptions. For example, a different root certificate might sign the ingestion endpoint certificate.

Check if the SSL certificate that was used to sign the Kusto endpoint is already present in the default keystore with this command:

Command:

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts > temp.txt

Command:

Import the SSL certificate to the default Java Keystore using the following command:

keytool -keystore  "$JAVA_HOME/jre/lib/security/cacerts" -import -alias "<some-meaningful-name>" -file "<downloaded-ssl-certificate-file>"
password: changeit

Reference:

Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.