Failed to Verify the Certificate When Compiling TensorFlow 2.13.0 Source Code
Symptom
When running the TensorFlow 2.13.0 compilation command, a message is displayed stating "unable to find valid certification path to requested target":
INFO: Repository rules_jvm_external instantiated at:
/path/to/tensorflow-2.13.0/WORKSPACE:11:14: in <toplevel>
/path/to/tensorflow-2.13.0/tensorflow/workspace3.bzl:41:17: in workspace
Repository rule http_archive defined at:
/root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/bazel_tools/tools/build_defs/repo/http.bzl:355:31: in <toplevel>
WARNING: Download from https://github.com/bazelbuild/rules_jvm_external/archive/4.3.zip failed: class javax.net.ssl.SSLHandshakeException PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: An error occurred during the fetch of repository 'rules_jvm_external':
Traceback (most recent call last):
File "/root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/bazel_tools/tools/build_defs/repo/http.bzl", line 125, column 45, in _http_archive_impl
download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/bazelbuild/rules_jvm_external/archive/4.3.zip] to /root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/rules_jvm_external/temp12676514006209799632/4.3.zip: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: /path/to/tensorflow-2.13.0/WORKSPACE:11:14: fetching http_archive rule //external:rules_jvm_external: Traceback (most recent call last):
File "/root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/bazel_tools/tools/build_defs/repo/http.bzl", line 125, column 45, in _http_archive_impl
download_info = ctx.download_and_extract(
Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/bazelbuild/rules_jvm_external/archive/4.3.zip] to /root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/rules_jvm_external/temp12676514006209799632/4.3.zip: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
INFO: Repository llvm-raw instantiated at:
/path/to/tensorflow-2.13.0/WORKSPACE:11:14: in <toplevel>
/path/to/tensorflow-2.13.0/tensorflow/workspace3.bzl:50:9: in workspace
/path/to/tensorflow-2.13.0/third_party/llvm/workspace.bzl:10:20: in repo
/path/to/tensorflow-2.13.0/third_party/repo.bzl:136:21: in tf_http_archive
Repository rule _tf_http_archive defined at:
/path/to/tensorflow-2.13.0/third_party/repo.bzl:89:35: in <toplevel>
INFO: Repository tf_runtime instantiated at:
/path/to/tensorflow-2.13.0/WORKSPACE:11:14: in <toplevel>
/path/to/tensorflow-2.13.0/tensorflow/workspace3.bzl:18:15: in workspace
/path/to/tensorflow-2.13.0/third_party/tf_runtime/workspace.bzl:12:20: in repo
/path/to/tensorflow-2.13.0/third_party/repo.bzl:136:21: in tf_http_archive
Repository rule _tf_http_archive defined at:
/path/to/tensorflow-2.13.0/third_party/repo.bzl:89:35: in <toplevel>
ERROR: no such package '@rules_jvm_external//': java.io.IOException: Error downloading [https://github.com/bazelbuild/rules_jvm_external/archive/4.3.zip] to /root/.cache/bazel/_bazel_root/dcb36252f49837fd7a0e106d550e0fdb/external/rules_jvm_external/temp12676514006209799632/4.3.zip: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
INFO: Elapsed time: 19.139s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (0 packages loaded)
Key Process and Cause Analysis
Key error information: The valid certificate path of the requested target is not found when the LLVM dependency is downloaded.
1 | PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target |
Root cause analysis: The security certificate is not imported.
Conclusion and Solution
- Export a valid certificate using a browser.
- Import the certificate exported from the browser to the server.
- Upload the certificate to the server.
- Import the certificate.
1keytool -import -alias tf_need -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts -file ca.crt -trustcacerts -storepass changeit -noprompt
- Parameter description:
- -alias: specifies the alias (user-defined).
- -keystore: specifies the storage file, which is in the java/lib/security directory. (Replace this directory with the actual one.)
- -file: specifies the certificate file (absolute path + file name).
- -storepass: specifies the storage password. It is changeit by default. This password is required when you query or delete configurations.
- -trustcacerts: adds the trusted CA certificate to the keystore.
- -noprompt (optional): disables the prompt message.
- The default password of the cacerts certificate store is changeit. (If the password has been changed, use the new password.)
- Parameter description:
- Check whether the certificate is successfully imported.
1keytool -list -storepass changeit -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts | grep tf_need
The command output shows that the certificate already exists and the import is successful.
If the import has an error, delete the imported certificate and import it again.
1keytool -delete -storepass changeit -keystore /usr/lib/jvm/java-11-openjdk-11.0.21.9-1.oe2203sp3.aarch64/lib/security/cacerts -alias tf_need
- Restart the server for the configuration to take effect.
1reboot
- If the preceding steps involve configuring temporary environment variables, reconfigure them after the restart.
- Recompile TensorFlow.
1 2
bazel clean bazel build //tensorflow/tools/pip_package:build_pip_package
Parent topic: Troubleshooting