Add the Power BI certificate to the Java TrustStore

Before you integrate Power BI in Data Catalog, you might need to add the Power BI certificate to the Java TrustStore. If you are experiencing an SSLHandshakeException error, ensure that the Power BI certificate exists in the Java TrustStore and that it's in the correct directory. If the certificate doesn't exist, you need to generate one.

Check if the Power BI certificate exists

Run the following command:
keytool.exe -list -keystore %JAVA_HOME%\jre\lib\cacerts

Important  Ensure that the certificate is in the directory: %JAVA_HOME\jre\lib\cacerts

If the certificate doesn't exist, you need to generate one.

Generate a certificate and add it to the Java TrustStore

Choose your operating system:

  1. Run the following command to extract the certificate from the Power BI Service:
    keytool -printcert -rfc -sslserver <URL of your Power BI server> > powerbi-cert.crt
    A file named powerbi-cert.crt is created in the folder where you run this command.
    Tip The URL of your Power BI server is the value you specify for the tenantDomain property in the lineage harvester configuration file.
  2. Run the following command to find the location of your JAVA_HOME:
    echo %JAVA_HOME%
    The location path will be something like C:\Program Files\Java\jdk-17.0.2.
  3. Add the certificate to the Java TrustStore:
    keytool -importcert -file powerbi-cert.crt -alias "<any meaningful name>" -keystore "C:\Program Files\Java\jdk-17.0.2\cacerts"
  4. Run the following command:
    keytool -list -keystore "C:\Program Files\Java\jdk-17.0.2\lib\security\cacerts" | findstr "PowerBI"

  5. Enter the keystore password.

    Tip The password is typically changeit.
    A list of all certificates that match the Power BI string in the C:\Program Files\Java\jdk-17.0.2\cacerts file is shown.
    Tip In the list of certificates, look for the one that you imported in step 3. If it's listed, it means the C:\Program Files\Java\jdk-17.0.2\cacerts file has the certificate needed to validate the Power BI server.

  1. Run the following command to extract the certificate from the Power BI service:
    openssl x509 -in <(openssl s_client -connect techlin-gcp-us.collibra.com:443 -prexit 2>/dev/null) -out techlin-gcp-us.crt
  2. Run the following command to find the location of your JAVA_HOME:
    echo $JAVA_HOME
    The location path will be something like C:\Program Files\Java\jdk-17.0.2.
  3. Add the certificate to the Java TrustStore:
    keytool -importcert -file <the certificate file> -alias <any meaningful name> -keystore $JAVA_HOME\jre\lib\cacerts -storepass changeit
  4. Run the lineage harvester and refer to the updated Java TrustStore:
    -Djavax.net.ssl.trustStore=<your keystore name>