
PowerProtect Data Manager 19.11 Kubernetes User Guide
Data protection operations for high availability Kubernetes cluster might fail when API server not configured to send ROOT certificate
If the Kubernetes cluster is set up in high availability mode and the Kubernetes API server is not configured to send the ROOT certificate as part of the TLS communication setup, backup and restore operations might fail with the following error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To resolve the error, perform the following steps:
- Copy the root certificate of the Kubernetes cluster to the PowerProtect Data Manager server.
- As an administrator on the PowerProtect Data Manager server, import the certificate to the PowerProtect Data Manager trust store by running the following command:
ppdmtool -importcert -alias <certificate alias> -file <file with certificate> -type <BASE64|PEM>
Where:
-i or -importcert imports the certificate.
-a or -alias <certificate alias> is used to specify the alias of the certificate, and <certificate alias> is in the form hostname:port:root.
-f or -file <file with certificate> is used to specify the full path of the file with the certificate.
-t or -type <BASE64|PEM> is used to specify the certificate type. The default type is PEM.
NOTE: Since the root certificate is in PEM format, this command should not require the type input.
Sample command to import the certificate to the PowerProtect Data Manager trust store:
ppdmtool -importcert -alias apiserver.xyz.com -file root-certificate
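Before importing, it is worth confirming that the copied file really is the cluster's root certificate and not a leaf certificate or a bundle. The following is an added example, not part of the guide: the function names are hypothetical, it assumes the openssl CLI is installed, and it only prints the ppdmtool command (with the hostname:port:root alias form described above) instead of running it.

```shell
#!/bin/sh
# Added example: pre-import checks for the root certificate file.
# Function names are hypothetical; -importcert, -alias and -file are the
# ppdmtool options shown in the guide. Requires the openssl CLI.

# Alias in the form the guide specifies: hostname:port:root
build_alias() {
    [ -n "$1" ] || { echo "empty hostname" >&2; return 2; }
    case "$2" in
        ''|*[!0-9]*) echo "invalid port: $2" >&2; return 2 ;;
    esac
    printf '%s:%s:root\n' "$1" "$2"
}

# Number of PEM certificate blocks in a file; a root file should hold one.
count_pem_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Succeeds only for a single self-signed CA certificate in PEM form.
is_root_cert() {
    [ "$(count_pem_certs "$1")" = "1" ] || return 1
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    # Self-issued: subject and issuer names are identical
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || return 1
    # Self-signed: the signature verifies with the certificate's own key
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
    # Marked as a CA in basicConstraints
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Print (do not run) the import command once the file passes the checks.
print_import_cmd() {
    alias_value=$(build_alias "$2" "$3") || return 2
    if ! is_root_cert "$1"; then
        echo "$1 is not a single self-signed PEM root certificate" >&2
        return 1
    fi
    printf 'ppdmtool -importcert -alias %s -file %s\n' "$alias_value" "$1"
}

# Usage: sh check-root.sh <file with certificate> <hostname> <port>
if [ "$#" -eq 3 ]; then
    print_import_cmd "$1" "$2" "$3"
fi
```

A file that fails these checks (for example, an intermediate or server certificate) would not give the trust store the anchor it needs, and the PKIX path building error would persist.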