Installing cosmos db emulator SSL certificate in docker redhat/kafka-connect container


I did the setup of the Cosmos DB emulator on the local machine, and started with the following parameters:

/port=443 /AllowNetworkAccess /Key=<CosmosPrimaryKey>

And currently, it is accessible via https://<LocalMachineIP>/

When I tried to make a curl request from the docker Redhat container (using docker image: confluentinc/cp-kafka-connect) it throws the below error:

curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

And when trying to create the Cosmos DB source connector, it throws the below error:

    [20 10:37:45,018] ERROR Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java (com.azure.cosmos.implementation.RxDocumentClientImpl)
    [2022-05-20 10:37:45,079] ERROR unexpected failure in initializing client. (com.azure.cosmos.implementation.RxDocumentClientImpl)
    java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
    at com.azure.cosmos.implementation.RxDocumentClientImpl.initializeGatewayConfigurationReader(RxDocumentClientImpl.java:401)
    .......
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
    [2022-05-20 10:37:45,095] WARN [8e2a220b, L:/172.25.0.6:57076 ! R:/192.168.154.131:443] The connection observed an error (reactor.netty.http.client.HttpClientConnect)
    shaded.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
    ..........
    at shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
    at shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:829)
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    .........
    at shaded.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
    at shaded.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
    at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
    ... 17 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    .....................
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
    ... 31 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 37 more

I have exported the cosmos emulator .cer file using this article.

How to install it in the Docker container "kafka-connect"?

There is 1 best solution below

Can you post your curl request? You need to use the -k flag to denote that it’s insecure.

curl -k https://{emulatoripaddr}:8081/_explorer/emulator.pem > emulatorcert.crt

It needs to be .crt. Then copy it to

/usr/local/share/ca-certificates/

Then install it

update-ca-certificates

Additionally you can mount a volume to the cosmos folder and save the .pem manually… /tmp/cosmos/appdata
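
The steps above as one script, written as an added example that is not part of the original answer. It goes beyond the answer in three ways: the `-k` download is unauthenticated, so the file is trusted only if its fingerprint matches the .cer exported on the host; the anchor directory is chosen per distro (Red Hat family images use `update-ca-trust`); and the certificate is also imported into the JVM truststore that raised the PKIX error. The alias `cosmos-emulator` and the two-argument interface are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: trust the emulator certificate only after pinning it to the
# .cer exported on the host, then install it for both the OS and the JVM.
CERT_ALIAS="cosmos-emulator"   # assumed alias, chosen for this example

# Print "<anchor dir>|<refresh command>" for the distro described by an
# os-release file (default: the container's own /etc/os-release).
anchor_for_os() {
  local ids
  ids=$( . "${1:-/etc/os-release}"; echo " ${ID:-} ${ID_LIKE:-} " )
  case "$ids" in
    *" rhel "*|*" fedora "*|*" centos "*)
      echo "/etc/pki/ca-trust/source/anchors|update-ca-trust extract" ;;
    *" debian "*|*" ubuntu "*|*" alpine "*)
      echo "/usr/local/share/ca-certificates|update-ca-certificates" ;;
    *) return 1 ;;
  esac
}

# SHA-256 fingerprint of a certificate in PEM or DER (.cer) encoding.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256
}

install_cert() {   # $1 = cert fetched over the network, $2 = exported .cer
  local got want target dir cmd
  # Both fingerprints must be computed successfully and be identical.
  got=$(fingerprint "$1") && want=$(fingerprint "$2") &&
    [ "$got" = "$want" ] ||
    { echo "fingerprint mismatch, refusing to trust $1" >&2; return 1; }
  target=$(anchor_for_os) || { echo "unknown distro" >&2; return 1; }
  dir=${target%%|*}; cmd=${target#*|}
  # Write PEM with a .crt name, which update-ca-certificates requires.
  openssl x509 -in "$1" -out "$dir/$CERT_ALIAS.crt" && $cmd || return 1
  # The connector runs on the JVM, which validates against its cacerts
  # store; import there too in case the image does not link it to the OS.
  keytool -importcert -noprompt -cacerts -storepass changeit \
    -alias "$CERT_ALIAS" -file "$dir/$CERT_ALIAS.crt"
}

# Run only when called with both files, so sourcing the script is harmless.
if [ "$#" -eq 2 ]; then install_cert "$@"; fi
```

Run it as root inside the container with the downloaded certificate and the exported .cer as arguments, then restart the Connect worker so the JVM reloads its truststore.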