When try to connect to update sites under help->Install New Software I get:
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
Unable to read repository at https://dl.google.com/eclipse/plugin/4.4/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried to import the certificate into the truststore as well as set it in the sts.ini file but to no avail.
Any help greatly appreciated!
I encountered a similar issue while trying to add templates to STS (3.6.2). The issue was my organization's usage of an SSL inspection tool that presents its certificate instead of the real one (GitHub.com).
The solution was to export the SSL inspection's certificate (using IE for example) and add it to the cacerts file. Use this article for the procedure.
Then update the sts.ini file and add the following lines:
-Djavax.net.ssl.trustStore=C:\Program Files\Java\jdk1.7.0_07\jre\lib\security\cacerts
-Djava.net.ssl.trustStorePassword=changeit
Finally - restart STS.
Related
I have a spring batch application configured with docker-compose.yml. To run the project there is a run.sh file and it spinup several containers. DB container gets up and running without issues. But the container which runs the spring application fails with the below error.
Could not resolve all artifacts for configuration ':classpath'.
> Could not download spring-boot-gradle-plugin-2.5.4.jar (org.springframework.boot:spring-boot-gradle-plugin:2.5.4)
> Could not get resource 'https://plugins.gradle.org/m2/org/springframework/boot/spring-boot-gradle-plugin/2.5.4/spring-boot-gradle-plugin-2.5.4.jar'.
> Could not GET 'https://plugins.gradle.org/m2/org/springframework/boot/spring-boot-gradle-plugin/2.5.4/spring-boot-gradle-plugin-2.5.4.jar'.
> The server may not support the client's requested TLS protocol versions: (TLSv1.2, TLSv1.3). You may need to configure the client to allow other protocols to be used. See: https://docs.gradle.org/7.2/userguide/build_environment.html#gradle_system_properties
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Could not download sonarqube-gradle-plugin-3.3.jar (org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.3)
> Could not get resource 'https://plugins.gradle.org/m2/org/sonarsource/scanner/gradle/sonarqube-gradle-plugin/3.3/sonarqube-gradle-plugin-3.3.jar'.
> Could not GET 'https://plugins.gradle.org/m2/org/sonarsource/scanner/gradle/sonarqube-gradle-plugin/3.3/sonarqube-gradle-plugin-3.3.jar'.
`
But I can download those jar files from my local machine. So jars are residing in those locations. I think this container can't access the internet to download these files. There's no way to use a terminal inside the container to execute a ping command since it is exiting right after giving this error. (But I pinged google.com in DB container and it worked.So this problem is only for that particular container)
There was a workaround to add this rootProject.buildFileName = 'build.gradle.kts' in settings.gradle. But then it says Task 'bootRun' not found in root project '*'. So I think no use in this workaround and what I want to solve is the network connection issue of the container.
Issue was with this part of the error msg: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To fix, you have to download the certificate of https://plugins.gradle.org/ and add that to cacerts file of the jdk (refer this link to see how to install the certificate)
Since I had this problem inside a container I manually replaced the cacerts file inside the container with the local cacerts file (which already contains the certificate of gradle.org).
So this whole problem is with the jdk image which was used to create the container.
I am trying to install native-image for my GraalVM in Windows environment. In cmd, I used the below command,
gu install native-image
But it shows this error,
Downloading: Release index file from oca.opensource.oracle.com
Error: Error reading component list: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As the error states your environment from which gu is estabilishing a secure connection to the remote repository cannot verify the certification path of the repository. In other words your JVM does not trust oca.opensource.oracle.com.
The $JAVA_HOME/lib/security/cacerts file contains the collection of trusted CA used by JVM when running gu. Apparently this file in your JDK is missing the certificate chain of your repository.
Adding new trusted certificate
Download oca.opensource.oracle.com repository's root certificate.
Open $JAVA_HOME/lib/security/cacerts file in elevated mode with e.g. KeyStore Explorer or modify it with keytool. Default password is changeit.
Add new trusted CA from 1.
Save and close.
Useful sources
SSL and cert keystore
Difference Between a Java Keystore and a Truststore
In our organization the issue was in the man-in-the-middle SSL firewall product as mentioned by prunge.
I have a cluster managed with cloudera, I have installed CFM (Nifi) with the tutorial; also secured the nifi nodes with TLS/SSL.
When I tried the invokeHTTP processor, I have the following bulletin:
InvokeHTTP[id=3c2dea7a-0172-1000-0000-0000350072f1] Yielding processor due to exception encountered as a source processor: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried with and without a secured cluster (with the help of Nifi CA toolkit service), without any success.
I also tried to create a controller service to force path of the trustore and keystore.
Now I am clueless on what to do, any ideas?
Thank you for your help,
#pdeuxa you need to configure the SSLContextService for the resource you are connecting to not the nifi cluster. You do this by adding the resource's SSL Certificates to a local nifi truststore, then tell NiFi where the truststore is. The files need to be properly owned for nifi and copied to all nifi nodes.
It works with SSLcontext configuration!
I copied the cacert from java jdk on each nifi nodes, and grant ownership to the cacert to nifi user.
On the SSL context configuration I added the path of the copied cacert for keystore and trustore (the defaut password for java cacert is "changeit").
Then I forced invokehttp "proxy type" property on "http"
I am trying to run spring boot project with below command but I am getting ssl handshake issue.
cmd>..\gradlew bootrun
Downloading https://services.gradle.org/distributions/gradle-4.1-bin.zip
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was referring http://www.jyothis.co.in/2011/11/12/javax-net-ssl-sslhandshakeexception/ and this is asking to install certificate from browser. I checked by copying the url in IE but it is missing certificate so I am not able to install it. Please guide me on how I could remove this error.
Thank you
I just downloaded and installed the latest version of Android Studio (3.0.1) at work to start a new tablet project. During setup it needed me to enter my proxy server information which I did. I created an empty project and it asked me to accept or reject a couple of certificates one from Google Inc (*.google.com) and another from JetBrains s.r.o. (plugins.jetbrains.com). I accepted them and they now show up in Settings -> Tools -> Server Certificates. It has been able to download a number of packages, but after everything appears to be installed I get a message "Gradle project sync failed. Basic functionality will not work properly."
There are a number of error messages that look like this:
Unable to resolve dependency for ':app#debug/compileClasspath': Could not resolve com.android.support:appcompat-v7:26.1.0.
Could not resolve com.android.support:appcompat-v7:26.1.0.
Required by:
project :app
> Could not resolve com.android.support:appcompat-v7:26.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> dl.google.com
I tried adding http and https proxy server information to the 'gradle.properties' as suggested here.
That changed the error message to this:
Unable to resolve dependency for ':app#debug/compileClasspath': Could not resolve com.android.support:appcompat-v7:26.1.0.
Could not resolve com.android.support:appcompat-v7:26.1.0.
Required by:
project :app
> Could not resolve com.android.support:appcompat-v7:26.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/support/appcompat-v7/26.1.0/appcompat-v7-26.1.0.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> unable to find valid certification path to requested target
Further digging came up with this. Adding the URL to FireFox allows me to download the appcompat-v7-26.1.0.pom file but does not provide a "HTTPS certificate chain" to export a certificate from. I am also not sure where I am supposed to get the keytool mentioned as well.
To verify that it is the proxy setup that is causing the problem I took my laptop home. Using my home network and turning off the HTTP Proxy caused a 3rd error (connection timed out) which was fixed by clearing the certificates. So it appears that the certificates accepted in Android Studio are used by at least part of the process. Now that I am back at work everything seems to work just fine.
There must be others out there running Android Studio with an HTTP Proxy set. What is the "correct" way of fixing this?
I replaced the file
C:\Program Files\Android\Android Studio\jre\jre\lib\security>\cacerts
with the file from the jre (%JAVA_HOME%\lib\security\cacerts).
The certificates in the new cacerts file directed the android jre to go through the proxy server.