I have a spring batch application configured with docker-compose.yml. To run the project there is a run.sh file and it spinup several containers. DB container gets up and running without issues. But the container which runs the spring application fails with the below error.
Could not resolve all artifacts for configuration ':classpath'.
> Could not download spring-boot-gradle-plugin-2.5.4.jar (org.springframework.boot:spring-boot-gradle-plugin:2.5.4)
> Could not get resource 'https://plugins.gradle.org/m2/org/springframework/boot/spring-boot-gradle-plugin/2.5.4/spring-boot-gradle-plugin-2.5.4.jar'.
> Could not GET 'https://plugins.gradle.org/m2/org/springframework/boot/spring-boot-gradle-plugin/2.5.4/spring-boot-gradle-plugin-2.5.4.jar'.
> The server may not support the client's requested TLS protocol versions: (TLSv1.2, TLSv1.3). You may need to configure the client to allow other protocols to be used. See: https://docs.gradle.org/7.2/userguide/build_environment.html#gradle_system_properties
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Could not download sonarqube-gradle-plugin-3.3.jar (org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.3)
> Could not get resource 'https://plugins.gradle.org/m2/org/sonarsource/scanner/gradle/sonarqube-gradle-plugin/3.3/sonarqube-gradle-plugin-3.3.jar'.
> Could not GET 'https://plugins.gradle.org/m2/org/sonarsource/scanner/gradle/sonarqube-gradle-plugin/3.3/sonarqube-gradle-plugin-3.3.jar'.
`
But I can download those jar files from my local machine. So jars are residing in those locations. I think this container can't access the internet to download these files. There's no way to use a terminal inside the container to execute a ping command since it is exiting right after giving this error. (But I pinged google.com in DB container and it worked.So this problem is only for that particular container)
There was a workaround to add this rootProject.buildFileName = 'build.gradle.kts' in settings.gradle. But then it says Task 'bootRun' not found in root project '*'. So I think no use in this workaround and what I want to solve is the network connection issue of the container.
Issue was with this part of the error msg: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To fix, you have to download the certificate of https://plugins.gradle.org/ and add that to cacerts file of the jdk (refer this link to see how to install the certificate)
Since I had this problem inside a container I manually replaced the cacerts file inside the container with the local cacerts file (which already contains the certificate of gradle.org).
So this whole problem is with the jdk image which was used to create the container.
Related
I am trying to install native-image for my GraalVM in Windows environment. In cmd, I used the below command,
gu install native-image
But it shows this error,
Downloading: Release index file from oca.opensource.oracle.com
Error: Error reading component list: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As the error states your environment from which gu is estabilishing a secure connection to the remote repository cannot verify the certification path of the repository. In other words your JVM does not trust oca.opensource.oracle.com.
The $JAVA_HOME/lib/security/cacerts file contains the collection of trusted CA used by JVM when running gu. Apparently this file in your JDK is missing the certificate chain of your repository.
Adding new trusted certificate
Download oca.opensource.oracle.com repository's root certificate.
Open $JAVA_HOME/lib/security/cacerts file in elevated mode with e.g. KeyStore Explorer or modify it with keytool. Default password is changeit.
Add new trusted CA from 1.
Save and close.
Useful sources
SSL and cert keystore
Difference Between a Java Keystore and a Truststore
In our organization the issue was in the man-in-the-middle SSL firewall product as mentioned by prunge.
Jenkins unable to download xamarin dependency from dl.google.com / maven.google.com
Download failure reason: Unable to connect to the remote server
Project stack
Dotnet Xamarin android application
Error
Downloading https://dl.google.com/dl/android/maven2/com/google/firebase/firebase-core/16.0.1/firebase-core-16.0.1.aar to C:\Windows\system32\config\systemprofile\AppData\Local\XamarinBuildDownloadCache\googlefb-16.0.1/firebasecore.aar
C:\Windows\system32\config\systemprofile\.nuget\packages\xamarin.build.download\0.8.0\build\Xamarin.Build.Download.targets(52,3): error XBD001: Download failed. Please download https://dl.google.com/dl/android/maven2/com/google/firebase/firebase-core/16.0.1/firebase-core-16.0.1.aar to a file called C:\Windows\system32\config\systemprofile\AppData\Local\XamarinBuildDownloadCache\googlefb-16.0.1/firebasecore.aar. [D:\myfolder\Jenkins\workspace\projectname\project\project.Android\project.Android.csproj]
Download failure reason: Unable to connect to the remote server
Downloading https://maven.google.com/com/crashlytics/sdk/android/crashlytics-core/2.6.3/crashlytics-core-2.6.3.aar to C:\Windows\system32\config\systemprofile\AppData\Local\XamarinBuildDownloadCache\crashlyticscore-2.6.3.aar
C:\Windows\system32\config\systemprofile\.nuget\packages\xamarin.build.download\0.8.0\build\Xamarin.Build.Download.targets(52,3): error XBD001: Download failed. Please download https://maven.google.com/com/crashlytics/sdk/android/crashlytics-core/2.6.3/crashlytics-core-2.6.3.aar to a file called C:\Windows\system32\config\systemprofile\AppData\Local\XamarinBuildDownloadCache\crashlyticscore-2.6.3.aar. [D:\myfolder\Jenkins\workspace\projectname\project\project.Android\project.Android.csproj]
Download failure reason: Unable to connect to the remote server
I have tried configured corporate proxy in Jenkins. it works on the proxy configuration page but throws an error while building code. See in the below screenshot.
I am setting up JMeter 4.0 for load testing in the cloud (GCE). I am creating VM images for the master and slave with the only difference being the slaves run jmeter-server on boot. I ran bin/create-rmi-keystore.sh per http://jmeter.apache.org/usermanual/remote-test.html#setup_ssl and ensured the .jks file is on the master/client and all the slaves.
Now, when I create multiple slave instances (new slave IPs), the load test fails due to SSL errors -
Configuring remote engine: 10.150.0.11
error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed to configure 10.150.0.11
Can I avoid having to manually regenerate the keystore every time I plan a test run?
If you have created rmi_keystore.jks on your master , copy that on your slave's bin directory. You can restart jmeter-server.bat on slave after that.
I just downloaded and installed the latest version of Android Studio (3.0.1) at work to start a new tablet project. During setup it needed me to enter my proxy server information which I did. I created an empty project and it asked me to accept or reject a couple of certificates one from Google Inc (*.google.com) and another from JetBrains s.r.o. (plugins.jetbrains.com). I accepted them and they now show up in Settings -> Tools -> Server Certificates. It has been able to download a number of packages, but after everything appears to be installed I get a message "Gradle project sync failed. Basic functionality will not work properly."
There are a number of error messages that look like this:
Unable to resolve dependency for ':app#debug/compileClasspath': Could not resolve com.android.support:appcompat-v7:26.1.0.
Could not resolve com.android.support:appcompat-v7:26.1.0.
Required by:
project :app
> Could not resolve com.android.support:appcompat-v7:26.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> dl.google.com
I tried adding http and https proxy server information to the 'gradle.properties' as suggested here.
That changed the error message to this:
Unable to resolve dependency for ':app#debug/compileClasspath': Could not resolve com.android.support:appcompat-v7:26.1.0.
Could not resolve com.android.support:appcompat-v7:26.1.0.
Required by:
project :app
> Could not resolve com.android.support:appcompat-v7:26.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> unable to find valid certification path to requested target
Further digging came up with this. Adding the URL to FireFox allows me to download the appcompat-v7-26.1.0.pom file but does not provide a "HTTPS certificate chain" to export a certificate from. I am also not sure where I am supposed to get the keytool mentioned as well.
To verify that it is the proxy setup that is causing the problem I took my laptop home. Using my home network and turning off the HTTP Proxy caused a 3rd error (connection timed out) which was fixed by clearing the certificates. So it appears that the certificates accepted in Android Studio are used by at least part of the process. Now that I am back at work everything seems to work just fine.
There must be others out there running Android Studio with an HTTP Proxy set. What is the "correct" way of fixing this?
I replaced the file
C:\Program Files\Android\Android Studio\jre\jre\lib\security>\cacerts
with the file from the jre (%JAVA_HOME%\lib\security\cacerts).
The certificates in the new cacerts file directed the android jre to go through the proxy server.
When try to connect to update sites under help->Install New Software I get:
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried to import the certificate into the truststore as well as set it in the sts.ini file but to no avail.
Any help greatly appreciated!
I encountered a similar issue while trying to add templates to STS (3.6.2). The issue was my organization's usage of an SSL inspection tool that presents its certificate instead of the real one (GitHub.com).
The solution was to export the SSL inspection's certificate (using IE for example) and add it to the cacerts file. Use this article for the procedure.
Then update the sts.ini file and add the following lines:
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.7.0_07\jre\lib\security\cacerts
-Djava.net.ssl.trustStorePassword=changeit
Finally - restart STS.