You set up a Symantec Data Loss Prevention (DLP) SharePoint discover scan target with quarantine configured to move files to a file share. The quarantine action fails and you find the following remediation errors in the FileReader logs of the Network Discover server:
Oct 18, 2021 8:06:33 AM com.symantec.dlp.remediation.logging.Reporter <init>
INFO: Protect Thread 'Message chain #1': Starting remediation for https://example.sharepoint.com/project/yourFile.pdf
Oct 18, 2021 8:06:33 AM com.symantec.dlp.remediation.logging.Reporter report
INFO: Protect Thread 'Message chain #1': Finished remediation for https://example.sharepoint.com/project/yourFile.pdf
Oct 18, 2021 8:06:34 AM com.symantec.dlp.sharepointapi.SharePointHttpClient postSOAPXML
SEVERE: SOAP Request Failed : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Oct 18, 2021 8:06:34 AM com.symantec.dlp.sharepointapi.SharePointNode <init>
SEVERE: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Oct 18, 2021 8:06:34 AM com.symantec.dlp.remediation.logging.Reporter report
INFO: Protect Thread 'pool-9-thread-16': Finished remediation for https://example.sharepoint.com/project/yourFile.pdf
Oct 18, 2021 8:06:34 AM com.symantec.dlp.remediation.async.request.QuarantineRequestSubTaskHandler handleSubTask
SEVERE: Quarantine failed for item https://example.sharepoint.com/project/yourFile.pdf
com.symantec.dlp.remediation.enforce.sharepoint.SharePointRemediatorException: Failed to quarantine SharePoint file
Release : 15.8
Component : Network Discover
The certificate authority (CA) that issued the certificate to the SharePoint site is not in the java cacerts keystore file.
Obtain a copy of the root CA certificate (e.g., myRootCA.pem) and import it into the cacerts keystore file (default locations listed below).
Linux:
keytool -importcert -file myRootCA.pem -alias myRootCA -keystore /opt/AdoptOpenJRE/jdk8u262-b10-jre/lib/security/cacerts -storepass changeit
Windows:
keytool -importcert -file myRootCA.pem -alias myRootCA -keystore c:\"Program Files"\AdoptOpenJRE\jdk8u262-b10-jre\lib\security\cacerts -storepass changeit