'IO Error: IO Error PKIX path building failed:' error for user running SQL Query in PROOF

Hello, we have a user (userid - ydasri) who has reported an issue running a test case with SQL steps and is getting this error...

IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 31 ms., Authentication lapse 0 ms.

.... she was on VPN and had run the test case previously with no issues. I ran the DBTEST test case for all connections as well as the specific test case in question, and I could not reproduce the issue. Her IP address is part of the eRA firewall and she can run SQL queries in PL/SQL with no issues.

I saw the FAQ "I am getting the error "sun.security.validator.ValidatorException.." what should I do?" – Subject7 (zendesk.com), and I am not sure if it is applicable since the user is running a SQL query and not trying to access a URL.

I would appreciate us having a meeting with the user so that we can demo the issue and get it resolved. Thanks.

Joseph Hamdan

Hi Stephen,

Are there two end user environments at play here, i.e., is one environment a virtual workstation or VDI workstation and the other a laptop or other corporate PC device? If Java is being used, is the Java cacerts file different between the different environments?

Regards,
Subject7 Team

Abayomi Akinpelumi

Hi Joseph, the issue is only occurring on the user's Windows laptop. Please provide information on how to confirm the referenced Java cacerts file on the laptop. Thanks.

Rex Feizi

Hello,

I'd like to provide some clarification regarding the issue you're currently encountering. Typically, a certificate can be configured on the Oracle Database server to enforce that any connecting client must possess this certificate for successful access. A client can take various forms, including Oracle SQL Developer, JDBC drivers (Java programs), or, in your case, the Subject7 player, which also operates through a Java-based JDBC mechanism.

The way a client is configured to utilize certificates largely depends on the client itself. It can either directly store the certificate or rely on the host's (user laptop) trust store. In this scenario, the Subject7 player, being a Java program, defaults to the host's certificate trust store (Windows Certificate Store).

The fact that the same query is functional on other machines within your network suggests that those machines have the necessary certificate either installed on their host or within their Java trust store. It's highly unlikely that these certificates will be added to the Java trust store because otherwise each time we had a Subject7 release at eRA you would have to explicitly install/import certs into the Subject7 player's JRE (which I have never seen).

In summary, to resolve this issue, please contact your Database Administrator to inquire about the certificate's specifics (the name of it and the chain). Subsequently, collaborate with your IT department to ensure that the certificate is correctly installed on the user's laptop (i.e. host machine). Here is a reference on how to add certificates to the Windows Trust Store, which your IT is very well aware of but just as a reference.

Another useful troubleshooting step is to check if Oracle SQL Developer is functioning on the user's machine and investigate how the certificate was used there. If the host trusts the certificates and Oracle SQL Developer is using them then it should also trust them for the Subject7 player.

Please follow these steps, and kindly let us know how it goes. 

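A diagnostic for the trust-store question raised in the replies above, added here as an example and not Subject7 or Oracle code: it attempts a TLS handshake to the database listener once with the JRE's default trust store and once with the Windows root store, and prints the certificate chain the server presents. It assumes the listener speaks TLS directly on the given port (TCPS), that it is run with the same JRE the player uses, and that the class name `TrustCheck` and the host/port arguments are placeholders.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic (assumed usage): java TrustCheck <db-host> <tcps-port>
public class TrustCheck {
    // Records the chain the server presents, then delegates validation unchanged.
    static class Recording implements X509TrustManager {
        final X509TrustManager inner; X509Certificate[] seen;
        Recording(X509TrustManager inner) { this.inner = inner; }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            seen = c; inner.checkServerTrusted(c, a);
        }
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
            inner.checkClientTrusted(c, a);
        }
        public X509Certificate[] getAcceptedIssuers() { return inner.getAcceptedIssuers(); }
    }

    static X509TrustManager managerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // null selects the JRE default (lib/security/cacerts unless overridden)
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    static void probe(String label, KeyStore ks, String host, int port) throws Exception {
        Recording rec = new Recording(managerFor(ks));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);
        System.out.println("== " + label + ": " + rec.getAcceptedIssuers().length + " trust anchors");
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("   handshake OK");
        } catch (SSLException e) { // PKIX path building failures surface here
            System.out.println("   handshake FAILED: " + e.getMessage());
        }
        if (rec.seen != null) for (X509Certificate c : rec.seen)
            System.out.println("   subject=" + c.getSubjectX500Principal() + "\n   issuer =" + c.getIssuerX500Principal());
    }

    public static void main(String[] args) throws Exception {
        String host = args[0]; int port = Integer.parseInt(args[1]);
        probe("JRE default trust store", null, host, port);
        KeyStore win = KeyStore.getInstance("Windows-ROOT"); // SunMSCAPI provider, Windows only
        win.load(null, null);
        probe("Windows-ROOT store", win, host, port);
    }
}
```

Running it on a working machine and on the affected laptop shows which store validates the chain and, where validation fails, the issuer names to ask the DBA or IT about.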
Abayomi Akinpelumi

Thanks Rex for the extensive info. Based on this we were able to resolve the issue; there were 5 Amazon certs needed to connect to the TNS files and the AMS DB connections that were missing on the user's laptop. The ticket can be closed. thx

Rex Feizi

You are very welcome! 
