
Error "Peer certificate cannot be authenticated with given CA certificates" When Connecting to Presto Using LDAP Authentication


Published: 21 May 2020
Last Modified Date: 21 Jul 2020

Issue

When connecting Tableau Desktop to a Presto database using LDAP authentication, the following error may occur:

[Simba][Presto] (1020) Error with HTTP API at https://<server address>:8443/v1/statement : Peer certificate cannot be authenticated with given CA certificates'

Environment

  • Tableau Desktop
  • Presto

Resolution

Apply a .tdc file to allow the use of a self-signed certificate and to configure the certificate file path. For example:
  1. Download the sample .tdc file attached to this article, open the file in a text editor, and update the file with the certificate file path.
  2. Save the .tdc file to the Datasources sub-folder in your 'My Tableau Repository' folder.

On a Mac computer, either OpenSSL or Keychain Access can be used to obtain the certificate chain file, which is a concatenation of all of the x509 PEM-encoded certificates that form the certificate chain for the database server certificate. For example:
  1. Open the URL in Google Chrome, and click on the 'View site information' (padlock) button > Certificate, to view the certificate details, which include the certificate chain (or certificate path).
  2. To export each certificate in the certificate chain, select the certificate in the chain, and drag the certificate from the lower half of the dialog box onto your desktop.
  3. To convert each certificate from binary DER encoding to x509 PEM encoding, add the certificate to the system keychain using Keychain Access, and then export it in the 'Privacy Enhanced Mail (.pem)' file format.
  4. To create the certificate chain file, open each PEM-encoded certificate file in a text editor (e.g. TextEdit), and combine the contents of each file, including the beginning and end tags on each certificate. The result should look like this:
    -----BEGIN CERTIFICATE-----
    (cert1.pem)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (cert2.pem)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (cert3.pem)
    -----END CERTIFICATE-----
Note: In the above example, cert1.pem is the server certificate (at the bottom of the certificate path).
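
The following added example, which is not part of the original article, assembles the chain file from step 4 in Python and checks that every block keeps its BEGIN and END tags, including the case where two files are pasted together without a newline between them. The function names and sample bytes are assumptions constructed for illustration, and the check is structural only: it does not verify signatures, issuer order, or trust.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# One PEM block: both tags around a base64 body (whitespace allowed in the body).
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"([A-Za-z0-9+/=\s]*)" + re.escape(END))


def check_der(der):
    # Structural check only: an X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
    if der[:1] != b"\x30":
        raise ValueError("block is not a DER-encoded certificate")


def split_chain(pem_text):
    """Parse a chain file into DER blobs; reject missing tags or stray text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks or not (len(blocks) == pem_text.count(BEGIN) == pem_text.count(END)):
        raise ValueError("missing or unbalanced BEGIN/END CERTIFICATE tags")
    if PEM_BLOCK.sub("", pem_text).strip():
        raise ValueError("unexpected text outside the certificate blocks")
    ders = [base64.b64decode("".join(b.split()), validate=True) for b in blocks]
    for der in ders:
        check_der(der)
    return ders


def to_pem(der):
    """Encode one DER certificate as PEM with 64-character lines."""
    check_der(der)
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


def build_chain(certs):
    """Join certificates in the order given (server certificate first).

    Each item is DER bytes (as exported from the browser) or PEM bytes.
    """
    ders = []
    for cert in certs:
        if cert.lstrip().startswith(BEGIN.encode()):
            ders.extend(split_chain(cert.decode("ascii")))
        else:
            ders.append(cert)
    return "".join(to_pem(der) for der in ders)


# Constructed placeholders, not real certificates: minimal DER SEQUENCEs.
LEAF, INTERMEDIATE, ROOT = (b"\x30\x03\x02\x01" + bytes([n]) for n in (1, 2, 3))
# Two PEM files pasted together without a newline, so the tags are fused.
FUSED = to_pem(LEAF).rstrip("\n") + to_pem(INTERMEDIATE)
```

Running `build_chain` over a fused or mixed DER/PEM input re-emits each certificate with its tags on their own lines, and `split_chain` rejects a file that still contains the `(cert1.pem)` placeholders from the sample layout.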

 

Cause

The server SSL certificate could not be validated. This may be due to the use of a self-signed certificate on the database server or, for Tableau Desktop on macOS, because the certificate chain file is required.
 