Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate
If the Kubernetes cluster is set up in high availability mode and the Kubernetes API server is not configured to send the ROOT certificate as part of the TLS communication setup, backup and restore operations might fail with the following error:
javax.net.ssl.SSLHandshakeExcept ion: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.S unCertPathBuilderException: unable to find valid certification path to requested target
To resolve the error, perform the following steps:
Copy the root certificate of the Kubernetes cluster to the
PowerProtect Data Manager server.
As an administrator on the
PowerProtect Data Manager server, import the certificate to the
PowerProtect Data Manager trust store by running the following command:
ppdmtool -importcert -alias
certificate alias -file
file with certificate -type
BASE64|PEM
Where:
i or
importcert imports the certificate.
a or
aliascertificate alias is used to specify the alias of the certificate.
f or
filefile with certificate is used to specify the file with the certificate.
t or
typeBASE64|PEM is used to specify the certificate type. The default type is PEM.
NOTE Since the root certificate is in PEM format, this command should not require the
type input.
Sample command to import certificate to
PowerProtect Data Manager trust store