Deploying Azure function getting javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem

A A 1 Reputation point
2022-10-14T21:28:07.27+00:00

I am deploying via mvn azure-functions:deploy, I have deployed this code previously but now I am getting an:

azure-functions-archetype: list supported regions of resource type (sites): javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Not sure why getting this on the deploy all of a sudden.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,197 questions
{count} votes

2 answers

Sort by: Most helpful
  1. MughundhanRaveendran-MSFT 12,481 Reputation points
    2022-10-18T05:52:33.197+00:00

    Hi @A A ,

    Thanks for reaching out to Q&A.

    This exception would occur when there is a SSL handshake failure. Try running the openssl.exe commands from your machine by specifying the tls version to check the connectivity to the function app. Also please check the compatible version of the TLS and set the TLS version accordingly in the Function app configuration page in portal.

    Run the SSL test in the SSL labs website by providing the functionname.azurewebsites.net url in the hostname. Make of not of the list of cipher suites that you get in the test result and compare it with the cipher suite of your local app. See if there are any cipher suite that is matching.

    251442-image.png

    After this, you can check the Handshake simulations that are generated as a part of the SSL labs test and check if any connections got rejected. From this test, you can figure out what is wrong with the SSL handshake.

    251483-image.png

    Hope this helps! Feel free to reach out to me if you have any queries or concerns.


  2. Chakraborty, Indranil 1 Reputation point
    2022-12-02T19:36:52.23+00:00

    I faced a similar issue and turns out it was because of the corporate VPN which was MITMing the TLS session and therefore the SSLException was being raised. If you are on a VPN or similar and have a solution like NetSkope or similar, you should disable and retry.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.