Anaplan Connect issue:- sun.security.validator.ValidatorException: PKIX path building failed

Hi Expert,

Anaplan Connect scripts have been working fine for 1 year. Not sure what happened, but suddenly I'm getting the below error messages while executing.

error:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (Validator: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (Sun cert path builder: unable to find valid certification path to requested target

We didn't install/set up any kind of certificates, and so far Java jdk 1.8

Kindly help me.

Thanks,

Anil

Answers

  • This means that Anaplan Connect cannot establish a secure connection, perhaps because a firewall is performing stateful packet inspection or the Java runtime's trusted root certificates are missing/damaged. You may be able to debug by setting the environment variable

    JAVA_OPTS=-Djavax.net.debug=ssl,trustManager

    before running Anaplan Connect, though it will likely produce a lot of output to sift through.

    You could also try opening https://auth.anaplan.com/ in a browser and inspecting the server certificate chain by clicking the padlock icon.

  • Hi Ben,

    Thanks for your support.

    Currently is certificates installed so far. I don't see any JAVA_OPTS in the environment variable list, so I have added it as per the above. Now the script is showing the below error message.

    I'm getting the below screen while connecting to the URL

    Sorry, I'm not good at setting up environment variables. Please let me know if I'm doing anything wrong.

    Thanks & regards,

    Anil

  • Looks like it's feeding in correctly, you just need to remove the leading "JAVA_OPTS=" from the value itself. It may be easier to set it in a batch file that calls out to AnaplanClient.bat.

    In your browser if you click on the padlock in the address bar you should be able to view the certificate chain, from my machine it looks like

    If it is substantively different, I'd suggest contacting your network administrator for guidance.

    (If anyone finds this in a year's time, the details will be different as the server certificate has a finite lifespan)

  • Hi Ben,

    Thanks for the assistance, and I appreciate the quick response.

    Our internal IT admin provided the solution and I'm able to run the script now.

    Thanks & regards,

    Anil
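
The replies above suggest inspecting the certificate chain in a browser, but by default the Java runtime validates against its own trust store rather than the browser's. The following is an added example, not Anaplan's code and not part of the original replies: a small Java 8 program that prints each certificate the JVM is presented with for auth.anaplan.com and reports whether the JVM's default trust store accepts it. The class name `ChainCheck` is an assumption; validation is delegated to the default trust manager, so no check is bypassed.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name, not Anaplan code).
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "auth.anaplan.com"; // host named in the thread
        // Default trust manager: whatever this JRE trusts (normally lib/security/cacerts).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        final X509TrustManager defaults = found;
        System.out.println("JVM trust anchors: " + defaults.getAcceptedIssuers().length);

        // Recording wrapper: prints the presented chain, then runs the normal JVM check.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                defaults.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                for (int i = 0; i < chain.length; i++) {
                    System.out.println("[" + i + "] subject: " + chain[i].getSubjectX500Principal());
                    System.out.println("    issuer : " + chain[i].getIssuerX500Principal());
                    System.out.println("    valid  : " + chain[i].getNotBefore()
                            + " -> " + chain[i].getNotAfter());
                }
                defaults.checkServerTrusted(chain, authType); // throws if no path to a trusted root
            }
            public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake();
            System.out.println("RESULT: chain is trusted by this JVM");
        } catch (SSLHandshakeException e) {
            // Same failure class as the PKIX error in the question.
            System.out.println("RESULT: not trusted by this JVM -> " + e.getMessage());
        }
    }
}
```

Compile and run it with the same JDK that Anaplan Connect uses (`javac ChainCheck.java`, then `java ChainCheck`), on the machine where the scripts run. If the last issuer printed is an internal or unfamiliar CA rather than a public one, that is the detail to take to the network administrator.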