我正在使用 Java SDK for Kusto(Azure 数据资源管理器)。
<groupId>com.microsoft.azure.kusto</groupId>
<artifactId>kusto-data</artifactId>
<version>5.0.3</version>
我正在通过 aad 应用程序注册连接到 kusto,当我尝试执行查询时,我收到此错误:
com.microsoft.azure.kusto.data.exceptions.DataServiceException: IOException when trying to retrieve cluster metadata:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.microsoft.azure.kusto.data.auth.CloudInfo.lambda$retrieveCloudInfoForCluster$0(CloudInfo.java:108)
at com.microsoft.azure.kusto.data.ExponentialRetry.execute(ExponentialRetry.java:39)
at com.microsoft.azure.kusto.data.auth.CloudInfo.retrieveCloudInfoForCluster(CloudInfo.java:100)
at com.microsoft.azure.kusto.data.auth.CloudDependentTokenProviderBase.lambda$initialize$0(CloudDependentTokenProviderBase.java:38)
at com.microsoft.azure.kusto.data.instrumentation.MonitoredActivity.invoke(MonitoredActivity.java:33)
at com.microsoft.azure.kusto.data.auth.CloudDependentTokenProviderBase.initialize(CloudDependentTokenProviderBase.java:37)
at com.microsoft.azure.kusto.data.auth.TokenProviderBase.acquireAccessToken(TokenProviderBase.java:30)
at com.microsoft.azure.kusto.data.ClientImpl.generateIngestAndCommandHeaders(ClientImpl.java:405)
at com.microsoft.azure.kusto.data.ClientImpl.executeToJsonResult(ClientImpl.java:213)
at com.microsoft.azure.kusto.data.ClientImpl.executeImpl(ClientImpl.java:173)
at com.microsoft.azure.kusto.data.ClientImpl.lambda$execute$0(ClientImpl.java:122)
at com.microsoft.azure.kusto.data.instrumentation.MonitoredActivity.invoke(MonitoredActivity.java:33)
at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:121)
at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:116)
at com.microsoft.azure.kusto.data.ClientImpl.execute(ClientImpl.java:111)
我尝试使用 keytool 将 microsoft ca 证书添加到我的 JDK,但没有帮助。我仍然无法执行查询,我不明白为什么。
com.microsoft.azure.kusto.data.exceptions.DataServiceException:尝试检索群集元数据时出现 IOException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
根据 Theri Muthu Selvam 的SO-Answer:
使用以下命令检查用于签署 Kusto 端点的 SSL 证书是否已存在于默认密钥库中:
命令:
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts > temp.txt
命令:
使用以下命令将 SSL 证书导入到默认 Java 密钥库:
keytool -keystore "$JAVA_HOME/jre/lib/security/cacerts" -import -alias "<some-meaningful-name>" -file "<downloaded-ssl-certificate-file>"
password: changeit
参考: