Trying to connect to Talend Cloud in Studio (using your credentials), results in the following error message:
Using the same credentials, connecting to TMC in a browser works as expected.
In Studio, the .log file shows the following error message:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
When Studio connects to Talend Cloud, the expected certificate is CN=tds.us.cloud.talend.com, OU=Domain Control Validated signed by CN=Go Daddy Secure Certificate Authority - G2, as shown below:
Version: V3 Subject: CN=tds.us.cloud.talend.com, OU=Domain Control Validated Signature Algorithm: SHA256withRSA, OID = 1.2.840.1135220.127.116.11 .. Validity: [From: Fri Nov 09 03:48:25 PST 2018, To: Sat Nov 09 03:48:25 PST 2019] Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
To enforce security, some companies use an intelligent proxy with SSL Forward feature. In this case, the SSL connections from Cloud ends on the proxy, which creates the SSL connections with Studio by issuing a certificate with the same name as the Talend Cloud certificate but signed by its own CA. For more information, see the Palo Alto Network, SSL Forward Proxy page.
Collect the Studio SSL log traces, by following the instructions in the How to collect debug traces for Studio connection to Talend Cloud SSL, KB Community article.
Check for the relevant messages:
certpath: X509CertSelector.match: subject DNs don't match ... main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown main, WRITE: TLSv1.2 Alert, length = 2 ... main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
You will find that the certificate is causing the problem because the issuer is not in the cacert file used by Studio.
Add the missing CA certificate into the cacert used by Studio.