Stardog server setup certification error: PKIX path building failed

Support
1

Hi,

I am preparing a server for encryption in transit (https) following the instructions here. When I check the status of the server through the 5821 port, I receive the error message PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target , see below.

image
image1329×628 48.2 KB

There is one modification to those instructions linked above, when creating the certificate I use this command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out myCert.crt -days 365 -nodes -subj "/C=YourCountry/ST=YourState/L=YourCity/O=YourOrganization/OU=YourOrganizationalUnit/CN=$hostname" -extensions SAN -config <(echo "[SAN]\nsubjectAltName=DNS:cloud.stardog.com,IP:192.168.1.1").

Here is the systemd file

image
image1039×591 17.7 KB

And lastly, does the server access the certificate? I am pretty sure that is the case.

image
image1327×860 23.6 KB

Any insight or direction is greatly appreciated.

2

Here is a ping to keep this post alive.

3

Hi Jamie,

sudo spins up a new subshell, so it doesn't include the environment variables you set. In this case, those missing environment variables are STARDOG_SERVER_JAVA_ARGS and STARDOG_JAVA_ARGS to hold the information about your keystore and truststore, repsectively.

You can either remove sudo from your server status command or add the -E flag to include the environment variables. Let me know if either of those work.

Best,
Steve