SSL Error from Melissa Global Address Enricher While Running in Azure Kubernetes

Hello All,


My team is working through the move from 3rd party hosting of Semarchy xDM to environments that we have deployed to our Azure subscription. Our hosted environment is through a consulting partner's AWS subscription (the app server is running on an EC2 VM). Our new app servers are running in an Azure Kubernetes cluster inside my company's Azure subscription. During systems integration testing of the new Azure environments, we are encountering the following error related to the Melissa Java plugin (pasted below). I wasn't involved with the initial setup of our Azure environments. Has anyone encountered this error while standing up containerized Semarchy xDM in Azure? Would this be a cert management issue for the Semarchy Java home, or something that needs to be addressed at the Kubernetes cluster?


Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Best Answer

Our solution was to run the keytool utility in the Semarchy/Tomcat Java home and install our root certificate (I just changed it to an arbitrary "rootcert.pem" in the example Dockerfile below):


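FROM semarchy/xdm:2024.1.1

USER root

# Fetch the root certificate and register it with the OS trust store
ADD http://rootcert.rootcert.com/rootcert.pem /usr/share/ca-certificates/rootcert.pem
RUN echo "rootcert.pem" >> /etc/ca-certificates.conf

# Rebuild the OS bundle, then import each PEM into the JVM's default cacerts keystore.
# The alias is the file name without its .pem extension (the glob matches *.pem).
RUN \
  update-ca-certificates && \
  for cert in /usr/share/ca-certificates/*.pem; do \
    keytool \
      -noprompt \
      -import \
      -trustcacerts \
      -storepass whatevz \
      -file "$cert" \
      -alias "$(basename "$cert" .pem)" \
      -cacerts; \
  done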
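
The Dockerfile above pulls the root certificate over plain HTTP and then imports it as a JVM trust anchor. As an added example (not part of the original answer), this script checks the downloaded file against a pinned SHA-256 digest before calling keytool; the script name, digest, path and store password are placeholders you supply.

```shell
#!/bin/sh
# Added example: verify a CA file against a pinned SHA-256 before trusting it.
# The digest, paths and store password are placeholders, not values from the thread.

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
  sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file is non-empty and matches the pinned digest.
verify_pin() {
  cert=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -s "$cert" ] || { echo "missing or empty: $cert" >&2; return 1; }
  actual=$(file_sha256 "$cert")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $cert: got $actual" >&2
    return 1
  fi
}

# Keystore alias: file name without a .pem or .crt extension.
alias_for() {
  name=$(basename "$1")
  name=${name%.pem}
  echo "${name%.crt}"
}

# Verify first, then import into the JDK's default trust store (cacerts).
import_pinned_ca() {
  cert=$1; pin=$2; storepass=$3
  verify_pin "$cert" "$pin" || return 1
  keytool -noprompt -import -trustcacerts -cacerts \
    -storepass "$storepass" -file "$cert" -alias "$(alias_for "$cert")"
}

# From a Dockerfile RUN step (hypothetical script name, placeholder arguments):
#   sh import-ca.sh --import /usr/share/ca-certificates/rootcert.pem <sha256> <storepass>
if [ "${1:-}" = "--import" ]; then
  import_pinned_ca "$2" "$3" "$4"
fi
```

A failed check returns non-zero, so the RUN step and the image build stop before the certificate reaches the keystore.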


I was hoping that we were fully up and running in our new Azure Kubernetes home. The cert error has been addressed, but now we are seeing timeouts from the Melissa API:


!ENTRY com.semarchy.commons.ws 4 0 2024-09-19 12:44:45.318
!MESSAGE An exception has been caught - status: 500 (Internal Server Error), logref: fd47ca1a-582d-4bea-8fa9-5950550f4238 (Message reported by logger com.semarchy.mdm.dataui.infra.jaxrs.DataUIExceptionMapper, current authenticated user: 'xxxxx@xxx.com')
!STACK 0
com.semarchy.platform.engine.core.impl.plugin.ApiInvocationException: javax.ws.rs.ProcessingException: java.net.http.HttpTimeoutException: HttpTimeoutException invoking https://address.melissadata.net/V3/WEB/GlobalAddress/doGlobalAddress: request timed out
at com.semarchy.platform.engine.core.impl.plugin.JavaPluginExecutor.transform(JavaPluginExecutor.java:26)

I believe we have analysts and developers hitting the Melissa API directly from their workstations in the office, so I'll start investigating from an app config and Azure Kubernetes cluster perspective.