Hi, When I followed Anil’s how-to, I had problems too. Then I saved certificate manually via browser in Base-64 encoded X.509 format and ran keytool command Anil sent. Everything worked. On Windows 7.
dano From: [email protected] [mailto:[email protected]] On Behalf Of Vishal Thapar Sent: 24. marca 2017 5:13 To: Colin Dixon; Ed Warnicke Cc: OpenDaylight Discuss; [email protected]; OpenDaylight Infrastructure Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Colin, Did you confirm the fingerprint of the certificate to make sure it is added to keystore correctly? BTW, I have added ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ to my MAVEN_OPTS so I don’t need to give it manually everytime. Also, I’m using Windows, not Linux. Regards, Vishal. From: Colin Dixon [mailto:[email protected]] Sent: 24 March 2017 02:05 To: Ed Warnicke <[email protected]<mailto:[email protected]>> Cc: Vishal Thapar <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes (Dropping TSC.) Actually, I'm still working my way through this. I cannot seem to get my Mac to trust the new ODL nexus cert. Even following Anil's suggestions above and then trying it with -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors like: [WARNING] Could not transfer metadata org.opendaylight.netconf:netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK would fix it. --Colin On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <[email protected]<mailto:[email protected]>> wrote: Do we know what the root cause is of having to use that? Ed On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <[email protected]<mailto:[email protected]>> wrote: While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts option fixes the problem, it feels like the "wrong" answer. Is there a right answer? --Colin On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Thank you Ivan, this worked for me. From: Ivan Hraško [mailto:[email protected]<mailto:[email protected]>] Sent: 20 March 2017 15:44 To: Vishal Thapar <[email protected]<mailto:[email protected]>>; Anil Belur <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Hi you can try: mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts maybe it helps ________________________________ Od: Vishal Thapar <[email protected]<mailto:[email protected]>> Odoslané: 20. marca 2017 11:04 Komu: Anil Belur Kópia: [email protected]<mailto:[email protected]>; OpenDaylight Discuss; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure Predmet: Re: [release] [OpenDaylight Discuss] Certificate changes Hi Anil, I got the certificate downloaded and checked my cert store to confirm also, but still getting the same error. Regards, Vishal. From: Anil Belur [mailto:[email protected]] Sent: 20 March 2017 14:48 To: Vishal Thapar <[email protected]<mailto:[email protected]>> Cc: Andrew Grimberg <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: Re: [OpenDaylight Discuss] [release] Certificate changes On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Hi Andrew, I am facing cert issues when trying to build locally. Does this require any specific version of Java? Do I need to manually update certificates? This is what I have: $ java -version java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) This is the error I am getting: Downloading: https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/org/opendaylight/neutron/model/0.8.0-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata org.opendaylight.neutron:model:0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/reposit ories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target Hello Vishal, This possibly looks like the cert chain may not be imported into your $JAVA_HOME key store. For fixing this, I would try downloading the cert file and using keytool to import the certificate{s}. --[cut]-- openssl s_client -connect nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt --[/cut]-- Thanks, Anil _______________________________________________ Discuss mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/discuss _______________________________________________ release mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/release
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
