Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.10 Kubernetes User Guide

Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate

If the Kubernetes cluster is set up in high availability mode and the Kubernetes API server is not configured to send the ROOT certificate as part of the TLS communication setup, backup and restore operations might fail with the following error:

javax.net.ssl.SSLHandshakeExcept ion: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.S unCertPathBuilderException: unable to find valid certification path to requested target

To resolve the error, perform the following steps:

  1. Copy the root certificate of the Kubernetes cluster to the PowerProtect Data Manager server.
  2. As an administrator on the PowerProtect Data Manager server, import the certificate to the PowerProtect Data Manager trust store by running the following command:

    ppdmtool -importcert -alias certificate alias -file file with certificate -type BASE64|PEM

    Where:

    i or importcert imports the certificate.

    a or alias certificate alias is used to specify the alias of the certificate.

    f or file file with certificate is used to specify the file with the certificate.

    t or type BASE64|PEM is used to specify the certificate type. The default type is PEM.

    NOTE Since the root certificate is in PEM format, this command should not require the type input.

Sample command to import certificate to PowerProtect Data Manager trust store

ppdmtool -importcert -alias apiserver.xyz.com -file root-certificate


Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\