how to remove self signed certificates on Mac OS - macos

How to remove self signed certificates from ssl certificate on Mac? I am using macOS Mojave 10.14.6. Some time back, as per the given project instructions I have added a certificate. Now I did not remember those steps, but because of that maven central is using the certificate from custom trust store instead from certification authority. Because of this I am getting the below error when I run ./mvnw, can any one help me how can I figure out that self signed certificate and remove it so that maven starts using from certification authority instead from custom trust store?
$ ./mvnw
Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Related

GraalVM windows native-image installation Problem

I am trying to install native-image for my GraalVM in Windows environment. In cmd, I used the below command,
gu install native-image
But it shows this error,
Downloading: Release index file from oca.opensource.oracle.com
Error: Error reading component list: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As the error states your environment from which gu is estabilishing a secure connection to the remote repository cannot verify the certification path of the repository. In other words your JVM does not trust oca.opensource.oracle.com.
The $JAVA_HOME/lib/security/cacerts file contains the collection of trusted CA used by JVM when running gu. Apparently this file in your JDK is missing the certificate chain of your repository.
Adding new trusted certificate
Download oca.opensource.oracle.com repository's root certificate.
Open $JAVA_HOME/lib/security/cacerts file in elevated mode with e.g. KeyStore Explorer or modify it with keytool. Default password is changeit.
Add new trusted CA from 1.
Save and close.
Useful sources
SSL and cert keystore
Difference Between a Java Keystore and a Truststore
In our organization the issue was in the man-in-the-middle SSL firewall product as mentioned by prunge.

Warning: unable to build chain to self-signed root for signer "Developer ID Application: xxxxxx: errSecInternalComponent

I am trying to migrate our build server to a new machine.
I exported the certificate and imported it on the new machine.
But when I get error when I am trying to run codesign
Warning: unable to build chain to self-signed root for signer "Developer ID Application: xxxxxxx"./workspace/onCourseServer.app: errSecInternalComponent
I tried deleting the certificate and reimporting it, adding always trust; I also tried regenerating the certificate and using the new certificate on the new mac. But none of them worked. I am still getting the same error.
The new mac is running the mojave.

Packaging AIR application. Trouble with signing

Have some troubles with keystore file.
I make a request for certificate, using Keychain app.
Then I added a certificate in developer.apple site, using my request for certificate.
Then I downloaded certificate, and imported it into Keychain app.
Then I exported *.p12 file from this certificate, using Keychain assistant.
And this *.p12 file I am using to package my app. And when I do so, it raise an error:
Failed to package AIR application MyApp.app:
Unable to build a valid certificate chain for the signer.
Then I found this guy http://scottgaertner.com/code_signing/
And using his guide, I had a new error:
Failed to package AIR application MyApp.app:
Packaging failed. Packager internal error
Can anyone give me some advices?
I am using IntelliJ IDEA 14
UPD: Flash Builder 4.7 throws same error

Spring Tool Suite can't connect to Update site using SSL (HTTPS)

When try to connect to update sites under help->Install New Software I get:
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried to import the certificate into the truststore as well as set it in the sts.ini file but to no avail.
Any help greatly appreciated!
I encountered a similar issue while trying to add templates to STS (3.6.2). The issue was my organization's usage of an SSL inspection tool that presents its certificate instead of the real one (GitHub.com).
The solution was to export the SSL inspection's certificate (using IE for example) and add it to the cacerts file. Use this article for the procedure.
Then update the sts.ini file and add the following lines:
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.7.0_07\jre\lib\security\cacerts
-Djava.net.ssl.trustStorePassword=changeit
Finally - restart STS.

self-signed SSL certificate error: certificate has invalid digital signature

I have a c# program and part of it creates a self-signed certificate.
The problem is when i try to import the certificate in MMC it says "This certificate has an invalid digital signature."
And when i try to add this certificate through command prompt using netsh http add it says:
SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.
I've tried all suggestions from other questions similar to this but to no luck.
I've also tried downloading Hotfix from Microsoft but it didnt work.
By the way, my machine is running in Windows7-64bit.
I ran into an answer here The basic issue is that DC authority cert creators get sloppy and create multiple certs for the same DC cert authority. I had my self-signed cert created using latest and grates DC cert authority certificate. I had to export and install both root cert and a self signed cert on my destination machine for it to recognize self signed cert used on the server. But the root cert I exported was a cert with the same name but different dates. Once I located the proper root cert and installed it on my destination computer everything worked flawlessly.
In my case it was due to an old self signed certificate with a small key length.
I found the solution here - https://security.stackexchange.com/a/82606/26742 to reduce the security (only in my dev environment)
certutil -setreg chain\minRSAPubKeyBitLength 512

Resources