Unable to import database during 9.7 appliance version migration due to SSL error
Article ID: 385454
Updated On:
Products
VMware Cloud Director
Issue/Introduction
During the migration from the 9.7 Linux version with external Postgres database to the embedded 9.7 appliance version, the database import phase fails due to an SSL error.
SEVERE: Connection error:
org.postgresql.util.PSQLException: SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:67)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:359)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:148)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:194)
at org.postgresql.Driver.makeConnection(Driver.java:450)
at org.postgresql.Driver.connect(Driver.java:252)
at com.vmware.vcloud.common.datasource.DataSourceFactory$ConfigurationAwareDataSource.getConnection(DataSourceFactory.java:53)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource(PooledConnection.java:224)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:180)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:710)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:644)
at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:466)
at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:143)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:116)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:103)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:127)
at com.vmware.vcloud.common.install.impl.AbstractDatabaseContext.connect(AbstractDatabaseContext.java:226)
at com.vmware.vcloud.configure.legacy.Db.<init>(Db.java:78)
at com.vmware.vcloud.configure.legacy.ConfigAgent.getDb(ConfigAgent.java:1421)
at com.vmware.vcloud.configure.legacy.ConfigAgent.configureDatabaseParameters(ConfigAgent.java:1279)
at com.vmware.vcloud.configure.legacy.ConfigAgent.configureDatabase(ConfigAgent.java:1208)
at com.vmware.vcloud.configure.legacy.ConfigAgent.start(ConfigAgent.java:362)
at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.start(ConfigAgentExecutor.java:87)
at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.main(ConfigAgentExecutor.java:81)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:348)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:286)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:156)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1418)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1324)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:439)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:410)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:62)
... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
... 42 more
Could not connect to database: Verify the database host is reachable from this machine and the provided credentials are validEnvironment
vCloud Director 9.7
Cause
The issue is caused by a problem with the database password complexity set on the destination appliance.
Resolution
- Verify that the database host is reachable from the machine where the migration is being performed.
- Check that the provided credentials (username and password) are valid.
- Redeploy the target 9.7 appliance and use a simple password for the Postgres vcloud user that does not contain any special characters.
- Once the migration is complete, the database password can be changed to something more complex.
Feedback
Yes
No
Powered by
