Looking to use metabase to connect to an AWS Redshift cluster through a local proxy ie using localhost as the connection host. I get the following error
SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I can use an normal PG client using the same proxy and connection info to connect to redshift without issue.
Anything specific that needs to be set?
So if you have a proxy, then you would need to add all certificate to the Java TrustStore, otherwise it would of course fail the security of certificate host validation.
I would recommend that use a SSH tunnel instead. But I don't quite understand your setup.
hey @flamber, thanks for the quick answer. So the setup is that we are using a local proxy so that we can reduce our reliance on VPN/Bastion type solutions. The particular solution we have runs a client on our workstations, which proxies to the actual resource, for example, once we have the redshift resource defined within the proxy application (with the actual redshift information), the client proxies that to localhost:random port. So I use my client of choice and connect to localhost on the defined port. I was able to do this with other tools to the same proxy definition for redshift without issue. Is there a way to have metabase ignore the certificate requirement (even if its not advised)?
@sjamesbond Metabase will always use SSL for Redshift, but perhaps you can add "Additional JDBC connection string options" in Admin > Databases > (your-db), so the certificate is ignored.
Otherwise you would need to add the certificate of your proxy to the Java TrustStore, which Metabase can read during startup.