Re: [OpenDaylight Discuss] [release] Certificate changes

Mon, 27 Mar 2017 16:59:36 -0700 


On Thursday 16 March 2017 03:01 AM, Andrew Grimberg wrote:
> On 03/13/2017 04:56 PM, Andrew Grimberg wrote:
>> On 03/13/2017 03:15 PM, Andrew Grimberg wrote:
>>> Greetings folks,
>>>
>>> Google release Chrome 57 last week and if you happen to have updated you
>>> may find you can't access portions of OpenDaylight. LF is aware of this
>>> and will have a fix in place in by EOD today.
>>>
>>> -Andy-
>>
>> Greetings,
>>
>> The initial phase of this work is now done. All certificates except for
>> Nexus have been switched over to Let's Encrypt certificates. We will be
>> moving Nexus over tomorrow but as it's late in the day and we understand
>> that Java can be touchy about the certs we don't want to make the change
>> late in the business day even though we're certain it will work.
> Greetings folks,
>
> I know I said that the cert change for nexus would happen yesterday.
> However, given the issues that Jenkins was having with SNI it didn't
> happen. I have just now completed switching Nexus over to a Let's
> Encrypt (LE) certificate as well.
>
> I do not anticipate any issues given that the LE's CA is cross-signed by
> a CA that is in the Oracle JDK trust store but just in case folks using
> that JDK suddenly can't do local builds anymore, please let us know!
>
> -Andy-
>
>
>
> _______________________________________________
> release mailing list
> [email protected]
> https://lists.opendaylight.org/mailman/listinfo/release

Hi all,

Just letting everyone know, I had a chat with Andy on the issue seen by
few people. The recent certificate changes to nexus repository as seen
on SSL report in [1.] shows A+ grade and no issues, therefore would not
require to import the cert chain manually. Going forward, for those who
are still seeing the issue, we recommend sharing a dump of the CA's
certs installed, using the following command:

--[cut]--
<JAVA_HOME>/bin/keytool -list -v
-keystore <JAVA_HOME>/jre/lib/security/cacerts > cacerts.txt
--[/cut]--

[1.] 
https://www.ssllabs.com/ssltest/analyze.html?d=nexus.opendaylight.org&s=72.3.167.142

Thanks,
Anil

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Discuss mailing list
[email protected]
https://lists.opendaylight.org/mailman/listinfo/discuss
      • ... Vishal Thapar
        • ... Ivan Hraško
          • ... Vishal Thapar
          • ... Colin Dixon
          • ... Ed Warnicke
          • ... Colin Dixon
          • ... Vishal Thapar
          • ... Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco)
          • ... Mohamed ElSerngawy
          • ... Lori Jakab
  • Re: [Ope... Anil Belur

Reply via email to