How to give s3 client and server certificates to s3 repository client

bikkina_mahesh · February 10, 2020, 6:20am

I am trying to create s3 client

PUT _snapshot/my_s3_repository
{
"type": "s3",
"settings": {
"bucket": "test1",
"endpoint": "s3.tally.com",
"access_key": "",
"secret_key": ""
}
}

Getting following error

{
"error": {
"root_cause": [
{
"type": "repository_verification_exception",
"reason": "[my_s3_repository] path is not accessible on master node"
}
],
"type": "repository_verification_exception",
"reason": "[my_s3_repository] path is not accessible on master node",
"caused_by": {
"type": "i_o_exception",
"reason": "Unable to upload object [tests-ZUR6RvRpQoONFdtL972LCw/master.dat] using a single upload",
"caused_by": {
"type": "sdk_client_exception",
"reason": "Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"caused_by": {
"type": "s_s_l_handshake_exception",
"reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"caused_by": {
"type": "validator_exception",
"reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"caused_by": {
"type": "sun_cert_path_builder_exception",
"reason": "unable to find valid certification path to requested target"
}
}
}
}
}
},
"status": 500
}

Armin_Braun · February 10, 2020, 6:42am

Hi @bikkina_mahesh

This appears to be a problem with your JVM's truststore not having the right certificate chain for s3.tally.com imported.

You will have to add the certificate of s3.tally.com to the truststore by using Java's keytool.

system · March 9, 2020, 6:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.