@wapa5pow
Last active August 12, 2016 04:06
embulk-output-bigquery ssl error
2016-08-12 11:54:33.870 +0900 [INFO] (0001:transaction): Loaded plugin embulk-input-mysql (0.7.2)
2016-08-12 11:54:43.060 +0900 [INFO] (0001:transaction): Loaded plugin embulk-output-bigquery (0.3.6)
2016-08-12 11:54:43.127 +0900 [INFO] (0001:transaction): Fetch size is 10000. Using server-side prepared statement.
2016-08-12 11:54:43.585 +0900 [INFO] (0001:transaction): ...
2016-08-12 11:54:43.700 +0900 [INFO] (0001:transaction): Using local thread executor with max_threads=2 / tasks=1
2016-08-12 11:54:44.123 +0900 [INFO] (0001:transaction): embulk-output-bigquery: Get dataset... xxx
2016-08-12 11:54:44.131 +0900 [DEBUG] (0001:transaction): embulk-output-bigquery: client_options: {:application_name=>"Embulk BigQuery plugin", :application_version=>"0.0.0", :proxy_url=>nil, :use_net_http=>false}
2016-08-12 11:54:44.134 +0900 [DEBUG] (0001:transaction): embulk-output-bigquery: request_options: {:authorization=>nil, :retries=>5, :header=>nil, :timeout_sec=>300, :open_timeout_sec=>300}
D, [2016-08-12T11:54:44.793000 #23735] DEBUG -- : Sending HTTP get https://www.googleapis.com/bigquery/v2/projects/xxx
D, [2016-08-12T11:54:50.775000 #23735] DEBUG -- : Caught error sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
D, [2016-08-12T11:54:50.786000 #23735] DEBUG -- : Error - #<Hurley::SSLError: OpenSSL::SSL::SSLError>

wapa5pow commented Aug 12, 2016

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html
http://confluence.goldpitcher.co.kr/pages/viewpage.action?pageId=160694688
https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/

I installed the certificate with InstallCert while following the pages above, but it did not work.

[root@app-dev3 test]# java InstallCert www.googleapis.com:443
Loading KeyStore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.x86_64/jre/lib/security/cacerts...
Opening connection to www.googleapis.com:443...
Starting SSL handshake...

javax.net.ssl.SSLException: java.lang.UnsupportedOperationException
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at InstallCert.main(InstallCert.java:87)
Caused by: java.lang.UnsupportedOperationException
    at InstallCert$SavingTrustManager.getAcceptedIssuers(InstallCert.java:171)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1035)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:923)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    ... 2 more

Server sent 3 certificate(s):

 1 Subject CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
   Issuer  CN=Google Internet Authority G2, O=Google Inc, C=US
   sha1    2e 3e 28 3b b8 6e 07 4c c6 4f c2 eb 02 06 6a fd 02 80 44 5c 
   md5     bc 77 1b e0 cf 90 14 a4 d3 7b ed a2 f6 3d b1 24 

 2 Subject CN=Google Internet Authority G2, O=Google Inc, C=US
   Issuer  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   sha1    d6 ad 07 c6 67 56 30 f5 7b 92 7f 66 be 8c e1 f7 68 f8 79 48 
   md5     c5 6f 1a 63 b8 17 b7 31 89 34 c0 6e c5 ab b5 b3 

 3 Subject CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   Issuer  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
   sha1    73 59 75 5c 6d f9 a0 ab c3 06 0b ce 36 95 64 c8 ec 45 42 a3 
   md5     2e 7d b2 a3 1d 0e 3d a4 b2 5f 49 b9 54 2a 2e 1a 

Enter certificate to add to trusted keystore or 'q' to quit: [1]
^C[root@app-dev3 test]# java InstallCert www.googleapis.com:443^Cvi^C
[root@app-dev3 test]# vi InstallCert.java
[root@app-dev3 test]# javac InstallCert.java
[root@app-dev3 test]# java InstallCert www.googleapis.com:443
Loading KeyStore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.x86_64/jre/lib/security/cacerts...
Opening connection to www.googleapis.com:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 3 certificate(s):

 1 Subject CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
   Issuer  CN=Google Internet Authority G2, O=Google Inc, C=US
   sha1    2e 3e 28 3b b8 6e 07 4c c6 4f c2 eb 02 06 6a fd 02 80 44 5c 
   md5     bc 77 1b e0 cf 90 14 a4 d3 7b ed a2 f6 3d b1 24 

 2 Subject CN=Google Internet Authority G2, O=Google Inc, C=US
   Issuer  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   sha1    d6 ad 07 c6 67 56 30 f5 7b 92 7f 66 be 8c e1 f7 68 f8 79 48 
   md5     c5 6f 1a 63 b8 17 b7 31 89 34 c0 6e c5 ab b5 b3 

 3 Subject CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
   Issuer  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
   sha1    73 59 75 5c 6d f9 a0 ab c3 06 0b ce 36 95 64 c8 ec 45 42 a3 
   md5     2e 7d b2 a3 1d 0e 3d a4 b2 5f 49 b9 54 2a 2e 1a 

Enter certificate to add to trusted keystore or 'q' to quit: [1]


[
[
  Version: V3
  Subject: CN=*.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 25343896809638975929965490031929628563951031328967267642085727037014078010420164206782722397230672160276134634727481839698948233588608449596050558374654670979214234503223123136007172043467904569422691619095571469861359657807931790220340806323806511497456312893975094668393117384148730519145826953194035142794654778861172127869413638409845977439622060461953477650859977652092735451445711081673187465373638390777626193758675680565294171860722306768582870961503028269153120240252932233807441452062356180487749061211627174882440561718647134718711832477962165612466767687809900495296253258810257372991282171862566834377621
  public exponent: 65537
  Validity: [From: Sun Aug 07 03:21:37 JST 2016,
               To: Fri Oct 28 02:58:00 JST 2016]
  Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
  SerialNumber: [    419ab3e9 f446a536]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://pki.google.com/GIAG2.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://clients1.google.com/ocsp
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4A DD 06 16 1B BC F6 68   B5 76 F5 81 B6 BB 62 1A  J......h.v....b.
0010: BA 5A 81 2F                                        .Z./
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://pki.google.com/GIAG2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.1]
[]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.googleapis.com
  DNSName: *.clients6.google.com
  DNSName: *.cloudendpointsapis.com
  DNSName: cloudendpointsapis.com
  DNSName: googleapis.com
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7F 88 A8 83 58 F9 DC 40   E9 6E 0C D8 25 94 21 FC  ....X..@.n..%.!.
0010: 23 72 10 F4                                        #r..
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:

]

Added certificate to keystore 'jssecacerts' using alias 'www.googleapis.com-1'

The error is the same, shown below:

D, [2016-08-12T12:54:00.373000 #32350] DEBUG -- : Sending HTTP get https://www.googleapis.com/bigquery/v2/projects/xxx
D, [2016-08-12T12:54:06.549000 #32350] DEBUG -- : Caught error sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
D, [2016-08-12T12:54:06.562000 #32350] DEBUG -- : Error - #<Hurley::SSLError: OpenSSL::SSL::SSLError>
