Scanner HTTPS Configuration

IBM Automatic Data Lineage can be connected to many technologies (e.g., Power BI, Tableau, StreamSets) via HTTPS. The connection works properly out of the box when using a server with a certificate issued by a trustworthy certificate authority.

However, sometimes the connection to an HTTPS site results in an error like this.

Tableau connection failed. Unable to connect to Tableau server. Failed to execute HTTP request to Tableau server. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This error appears because Automatic Data Lineage can’t validate the certificate the server is using to prove its identity. This happens mostly when connecting to on-premises servers that use a self-signed certificate or a certificate signed by an unknown certificate authority. In such cases, the certificate must be added to a Java TrustStore, from which Automatic Data Lineage can read it.

All technologies have a common truststore configuration located on the Configuration tab under CLI → Common → Common Config. The truststore setting property name is Manta Flow CLI System Connectors Settings. The truststore will not be distributed when installed with Automatic Data Lineage; it should be created when required.

This guide is intended only for scanners that use an HTTPS connection (not JDBC or any other secured connection).
Note that Automatic Data Lineage has no means of validating the origin of the certificate. It is the sole responsibility of the user importing the certificate to make sure that the certificate is the one desired and Automatic Data Lineage should trust it.

Adding the Certificate

You can add the certificate using Manta Admin GUI by following these steps.

  1. Open the configuration where the truststore configuration is located.

  2. Click on Edit (on the upper right) and the Edit button will appear for the truststore settings property (as you can see in the picture below).

  3. Click on the Edit button for the truststore settings and the Edit Truststore Settings window will open.

  4. Click on Add Entry and the Add Entries window will open.

  5. Obtain the certificate.

    1. If you already have it (e.g., it was provided by your IT department), simply upload it.

    2. If you do not have it, Automatic Data Lineage can automatically extract it from the URL of the service you are connecting to. Click on Provide a Link from the Page, enter the URL of your HTTPS server (e.g., https://powerbi.mycompany.com:8443/BIReports/browse/), and then click on Load.

  6. Choose a certificate by clicking on the checkbox on the left. You have the option to rename its alias, and finally, click on Confirm.

  7. The certificate has now been added. You can open your connection and validate it to ensure that there aren’t any certificate-related errors anymore.

It is also possible to configure Automatic Data Lineage to use a different TrustStore file. This can be done by clicking on the Advanced tab and changing the path and password to the truststore.
All certificates from the Java default truststore are also loaded by Automatic Data Lineage. However, depending on how Java is updated in your environment, changes to the Java default truststore may be discarded during the upgrade.

No alt text provided

No alt text provided

The truststore settings dialog opens when you click on Edit