Operate failed: io.camunda.operate.exception.OperateException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

Hi,

Trying to use a worker (with Inbound and Outbound Connectors) to connect with Camunda SAAS. Getting a certificate issue during server startup…
I see the engine is created in the logs…
I have added camunda.io and operate.camunda.io to the cacerts in the JDK → Security…

2023-08-10T15:43:24.069+05:30 INFO 21296 --- [ main] org.camunda.feel.FeelEngine : Engine created. [value-mapper: CompositeValueMapper(List(org.camunda.feel.impl.JavaValueMapper@58d63b16)), function-provider: io.camunda.connector.runtime.core.feel.FeelConnectorFunctionProvider@7c4fc2bf, clock: SystemClock, configuration: Configuration(false)]

2023-08-10T15:45:21.673+05:30 WARN 21296 --- [ main] s.c.c.OperateClientProdAutoConfiguration : An attempt to connect to Operate failed: io.camunda.operate.exception.OperateException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2023-08-10T15:45:21.679+05:30 WARN 21296 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'io.camunda.connector.runtime.inbound.lifecycle.InboundConnectorRestController': Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'inboundConnectorManager' defined in class path resource [io/camunda/connector/runtime/inbound/lifecycle/InboundConnectorLifecycleConfiguration.class]: Unsatisfied dependency expressed through method 'inboundConnectorManager' parameter 3: Error creating bean with name 'processDefinitionInspector' defined in class path resource [io/camunda/connector/runtime/inbound/importer/ProcessDefinitionImportConfiguration.class]: Unsatisfied dependency expressed through method 'processDefinitionInspector' parameter 0: Error creating bean with name 'camundaOperateClient' defined in class path resource [io/camunda/zeebe/spring/client/configuration/OperateClientProdAutoConfiguration.class]: Failed to instantiate [io.camunda.operate.CamundaOperateClient]: Factory method 'camundaOperateClient' threw exception with message: io.camunda.operate.exception.OperateException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Hi @neelanjan_banerjee,

Do I understand correctly, that you use Camunda 8 SaaS and a local/self-managed installation of the connectors? Why don’t you use the Connectors provided by the SaaS environment?

The inbound connectors require that Operate is part of the same setup:

Consider running the outbound connectors only.

Hi @StephanHaarmann,

Yes … I am using Camunda 8 SAAS + Runnable spring Boot application ( spring-boot-starter-camunda-connectors:0.21.3 ).

I am using the Camunda provided Connector bundle only … just that I have added a wrapper class for inbound and outbound connector similar to: https://github.com/camunda/connectors/blob/270d0180e4509b2406c029a8e759d6257b6f3736/connectors/kafka/src/main/java/io/camunda/connector/kafka/outbound/KafkaConnectorFunction.java
and
https://github.com/camunda/connectors/blob/270d0180e4509b2406c029a8e759d6257b6f3736/connectors/kafka/src/main/java/io/camunda/connector/kafka/inbound/KafkaExecutable.java

On running the Runnable spring Boot application (spring-boot-starter-camunda-connectors:0.21.3) project, I am getting the SSL issue.
I have generated a keystore and added it as a truststore also…

#trust store location
trust.store=classpath:camundaCert.keystore
#trust store password
trust.store.password=********

In addition, the camunda and operate certificate is also added to cacerts under JDK/security.

Hi @StephanHaarmann … the issue got resolved… by switching to another machine… might be a firewall issue…

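For readers who hit the same PKIX error, here is an added diagnostic (not part of this thread or of Camunda's code; the class name TlsTrustCheck is hypothetical and the host is supplied as an argument). It reports which trust store the running JVM actually loads and, given a host, which issuer signed the chain received on this network. Chain validation is delegated unchanged to the JVM's default trust manager, so nothing is trusted blindly.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical diagnostic class, not Camunda code. Usage: java TlsTrustCheck.java [host]
public class TlsTrustCheck {
    public static void main(String[] args) throws Exception {
        // 1. Which JVM and trust store does THIS process use? Certificates imported
        //    into a different JDK's cacerts are invisible to it.
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore: "
                + System.getProperty("javax.net.ssl.trustStore", "(unset, JDK default cacerts)"));
        // Passing null makes the factory load the JVM's default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("trust anchors loaded: " + jvmDefault.getAcceptedIssuers().length);
        if (args.length == 0) return; // no host given: offline report only
        // 2. Record the chain the peer presents, then validate it exactly as the JVM would.
        List<X509Certificate> presented = new ArrayList<>();
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a)
                    throws CertificateException {
                jvmDefault.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a)
                    throws CertificateException {
                presented.addAll(Arrays.asList(c));
                jvmDefault.checkServerTrusted(c, a);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {recorder}, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], 443)) {
            s.startHandshake();
            System.out.println("handshake OK: chain validates against this trust store");
        } catch (SSLException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }
        // 3. An issuer you do not recognise as the service's public CA (for example a
        //    corporate proxy CA) is consistent with TLS inspection on the network path.
        for (X509Certificate c : presented) {
            System.out.println("subject=" + c.getSubjectX500Principal()
                    + " | issuer=" + c.getIssuerX500Principal());
        }
    }
}
```

Run it with the same JDK that starts the Spring Boot application, so the reported trust store is the one the connector runtime sees.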