I have the error below when my gateway execute an event script.
My script works when I use the script console on the designer.
I use my designer directly on my gateway server.
Do you know what it means ?
com.inductiveautomation.ignition.common.script.JythonExecException: Traceback (most recent call last): File "", line 31, in IOError: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.python.core.Py.fromIOException(Py.java:215)
at org.python.core.Py.IOError(Py.java:178)
at com.inductiveautomation.ignition.common.script.builtin.AbstractNetUtilities.httpGet(AbstractNetUtilities.java:258)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:186)
at com.inductiveautomation.ignition.common.script.ScriptManager$ReflectedInstanceFunction.__call__(ScriptManager.java:438)
at org.python.core.PyObject.__call__(PyObject.java:387)
at org.python.core.PyObject.__call__(PyObject.java:391)
at org.python.pycode._pyx1.f$0(:36)
at org.python.pycode._pyx1.call_function()
at org.python.core.PyTableCode.call(PyTableCode.java:165)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1275)
at com.inductiveautomation.ignition.common.script.ScriptManager.runCode(ScriptManager.java:657)
at com.inductiveautomation.ignition.common.script.ScriptManager.runCode(ScriptManager.java:616)
at com.inductiveautomation.ignition.common.script.TagChangeScriptExecutor$TagChangeExecutionCallback.execute(TagChangeScriptExecutor.java:187)
at com.inductiveautomation.ignition.common.script.TagChangeScriptExecutor$TagChangeExecutionCallback.execute(TagChangeScriptExecutor.java:134)
at com.inductiveautomation.ignition.common.util.SerialExecutionQueue$PollAndExecute.run(SerialExecutionQueue.java:99)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.python.core.PyException: Traceback (most recent call last): File "", line 31, in IOError: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 26 common frames omitted
It means that the certificate of the server isn't trusted by the client.
It's interesting that it works on the script console but not in the gateway. This could be because the version of the JDK running the Designer has the root in its trust store but the different version of the JDK running the Gateway does not. Whether this is because one is out of date or because you've explicitly added it to one of them is unknown.
You also marked this 7.9, which means the Designer could have been launched with a Java installed on the system, which could be paying attention to system proxy settings in some way that manners.
You have to import the certificate into the keystore at $JAVA_HOME/jre/lib/security/cacerts or something like that. You'll have to use either keytool or something like KeyStore Explorer. I believe the default password is changeit.
You need to import the root CA of the chain signing this server's certificate, not the server certificate itself, unless it's a self-signed certificate.
If you're talking about a public domain signed by Let's Encrypt then it should be trusted already, unless you're signing using one of the older/expired LE roots.
Can you provide a copy of the certificate chain for this server? Did you check which version of Java is running the Ignition Gateway?
I will attempt to clarify: Kevin said: "Everything BUT the privKey" In this case, the word but is a negation term meaning send a copy of the certificate chain for this server but do NOT include the privkey.
Okay, well that version should already have the ISRG Root X1 certificate in its trusted root list, but you might want to try importing it anyway just in case. Or upgrade to the latest JDK 8.
The other times we've seen issues like this is when on a corporate network with a nosy firewall or security appliance that is injecting a certificate signed by a corporate CA so it can MITM SSL/TLS traffic. This is trickier to diagnose, so you might chase the other option down first.
