I am trying to get Mender.io working, a remote updating system.
I just want to see the device appear on the server, somehow thats not happening.
I installed mender from source on apalis imx6, I am trying to run it like :
mender -daemon
It starts up fine, then gives me the following errors :
INFO[0180] State transition: check-wait [Idle] -> inventory-update [Sync] module=mender
ERRO[0180] Cannot determine current artifact. Update will continue anyways: /var/lib/mender/device_type : open /etc/mender/artifact_info: no such file or directory module=mender
ERRO[0180] failed to submit inventory data: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "docker.mender.io") module=client_inventory
WARN[0180] failed to refresh inventory: failed to submit inventory data: inventory submit failed: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "docker.mender.io") module=state
INFO[0180] State transition: inventory-update [Sync] -> check-wait [Idle] module=mender
INFO[0180] State transition: check-wait [Idle] -> update-check [Sync] module=mender
ERRO[0180] could not get the current artifact name module=mender
ERRO[0180] Error receiving scheduled update data: update check request failed: Get https://docker.mender.io//api/devices/v1/deployments/device/deployments/next: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "docker.mender.io") module=mender
ERRO[0180] update check failed: transient error: update check request failed: Get https://docker.mender.io//api/devices/v1/deployments/device/deployments/next: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "docker.mender.io") module=state
INFO[0180] State transition: update-check [Sync] -> error [Error] module=mender
INFO[0180] handling error state, current error: transient error: update check request failed: Get https://docker.mender.io//api/devices/v1/deployments/device/deployments/next: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "docker.mender.io")
I have added the certificate generated using the keygen provided in etc/mender/server.crt and started up docker server using ./up
I don't see my device under devices either.
What else could I do?
Related
I tried to run the example of openai-java, but SSLHandshakeException error happens.
here is my code
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.reactivex.internal.util.ExceptionHelper.wrapOrThrow(ExceptionHelper.java:45)
at io.reactivex.internal.observers.BlockingMultiObserver.blockingGet(BlockingMultiObserver.java:91)
at io.reactivex.Single.blockingGet(Single.java:2585)
at com.theokanning.openai.OpenAiService.createCompletion(OpenAiService.java:116)
Also, I used postman to send post requests to https://api.openai.com/v1/completions with my secret-key, it gives "You exceeded your current quota, please check your plan and billing details"
I guess it may because of https Certificate, and I followed How to Resolve Error message "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", and put certificate of https://openai.com/ into my JDK. And It doesn't work. I wanna ask how to fix this problem
Attempting to automate code signing as a build/deployment script in Bamboo using Squirrel. This is attached to an EV Code signing certifcate provided by DigiCert and using the SafeNet Client.
Code signing works as intended when manually running the commands in a PowerShell window.But when running as a Script from the bamboo agent getting the below error.
The following certificates were considered:
Issued to: <our company>
Issued by: <some ca>
Expires: <is valid>
SHA1 hash: <...>
Issued to: <...>
Issued by: <...>
Expires: <...>
SHA1 hash: <...>
After EKU filter, 1 certs were left.
After expiry filter, 1 certs were left.
After Subject Name filter, 1 certs were left.
After Private Key filter, 0 certs were left.
SignTool Error: No certificates were found that met all the given criteria.
stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
I got error when I try to send a notification using Apple portal. Can you help me with global solutions.?
Does anybody know why when I use 'security' on os x to import a valid identity that it seems to think it has expired:
There are 2 machines, my development machine and a jenkins slave.
I am using the xcodebuild to create an archive and then use:
xcodebuild -exportArchive -archivePath myApp.xcarchive -exportOptionsPlist exportOptions.plist -exportPath . PROVISIONING_PROFILE=fdd0caeb-58fb-41df-a5e8-e5e9bd1f95c9 "OTHER_CODE_SIGN_FLAGS=--keychain /Users/me/Library/Keychains/Buildsystem"
to build an ipa for the store. This works on my development machine using the same archive and the same exportOptions.plist but not on the jenkins slave. I get this error:
016-10-06 23:29:23.438 xcodebuild[87720:8494157] [MT] IDEDistribution:
-[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path
'/var/folders/yd/l_8k4cn91kjc9r853crzz98m0000gn/T/MyApp_2016-10-06_23-29-23.437.xcdistributionlogs'.
2016-10-06 23:29:23.888 xcodebuild[87720:8494157] [MT]
IDEDistribution: Step failed: : Error Domain=IDEDistributionErrorDomain Code=1 "The
operation couldn’t be completed. (IDEDistributionErrorDomain error
1.)"
error: exportArchive: The operation couldn’t be completed.
(IDEDistributionErrorDomain error 1.)
Error Domain=IDEDistributionErrorDomain Code=1 "The operation couldn’t
be completed. (IDEDistributionErrorDomain error 1.)"
** EXPORT FAILED **
I suspect it is because it thinks the code signing identity is bad. When I imported the identity as:
security import AP_Store.p12 -k /Users/me/Library/Keychains/Buildsystem -P ******* -T /usr/bin/codesign
then run:
security find-identity
I get:
1) 71497439A2987BC6830DF2E4879DBD3A5F1B2857 "iPhone Distribution:
xxxxx (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)
If I import the same identity on my development machine it says it is OK.
Does anybody know why the same identity would be OK on one machine but not another?
This was caused by an expired intermediate certificate.
Apple Worldwide Developer Relations Certification Authority
had expired.
After replacing it everything worked.
A good reference is: MaintainingCertificates
Another thing that can lead to errors such as:
2016-10-11 11:41:11.780 xcodebuild[87463:15799133] [MT]
IDEDistribution: Step failed: : Error Domain=IDEDistributionErrorDomain Code=1
"(null)"
error: exportArchive: The operation couldn’t be completed.
(IDEDistributionErrorDomain error 1.)
is if you have an incorrect team ID in your exportOptions.plist file.
Got an alert on server that the certificate is going to expire. I click the "renew" button and it says Unknown Error. So I dig deeper and run the following on the command line
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate "macserver.local Code Signing Certificate" "IntermediateCA_MACSERVER.LOCAL_1" dd3d0ec3
to which i got the following error:
/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate: Unable to renew identity 'macserver.local Code Signing Certificate': unable to renew certificate: could not find original certificate 'macserver.local Code Signing Certificate' with serial number 'dd3d0ec3' issued by 'IntermediateCA_MACSERVER.LOCAL_1' (-25300)
So I run the following to search the certificate and it does find it:
sudo security find-certificate -c "macserver.local Code Signing Certificate"
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
"alis"<blob>="macserver.local Code Signing Certificate"
"cenc"<uint32>=0x00000003
"ctyp"<uint32>=0x00000001
"hpky"<blob>=0xA14502C168EB2D717615AA60535926B760804C8F "\241E\002\301h\353-qv\025\252`SY&\267`\200L\217"
"issu"<blob>=0x308193312A302806035504030C21496E7465726D65646961746543415F46494C455345525645522E4C4F43414C5F3131123010060355040A0C09727472616374696F6E312D302B060355040B0C244D41434F5358204F70656E4469726563746F727920496E7465726D6564696174652043413122302006092A864886F70D010901161361646D696E40727472616374696F6E2E636F6D "0\201\2231*0(\006\003U\004\003\014!IntermediateCA_MACSERVER.LOCAL_11\0220\020\006\003U\004\012\014\011macserver1-0+\006\003U\004\013\014$MACOSX OpenDirectory Intermediate CA1"0 \006\011*\206H\206\367\015\001\011\001\026\023mymacserver#gmail.com"
"labl"<blob>="macserver.local Code Signing Certificate"
"skid"<blob>=<NULL>
"snbr"<blob>=0x00DD3D0EC3 "\000\335=\016\303"
"subj"<blob>=0x30553132303006035504030C2966696C657365727665722E6C6F63616C20436F6465205369676E696E6720436572746966696361746531123010060355040A0C09727472616374696F6E310B3009060355040613025553 "0U1200\006\003U\004\003\014)macserver.local Code Signing Certificate1\0220\020\006\003U\004\012\014\011macserver1\0130\011\006\003U\004\006\023\002US"
Anyone have any ideas on this?
I've solved this problem for my cert. Instead of using hexadecimal, i use decimal. So in your case the serial number should be 3711766211 in decimal.
Hope this will help you too.
Thanks