Oh, and for reference: mvn -v Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0 Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T09:41:47-07:00) Maven home: /Users/hagbard/build/apache-maven-3.3.9 Java version: 1.8.0_77, vendor: Oracle Corporation Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_77.jdk/Contents/Home/jre Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "10.12.3", arch: "x86_64", family: "mac"
Ed On Mon, Mar 27, 2017 at 5:11 PM, Ed Warnicke <[email protected]> wrote: > Anil, > > Has anyone checked to see if the cert we are using is repected by the > Oracle JDK? > > Because I can trivially reproduce this issue with the Oracle JDK that > comes as stock on the Mac (where many of our developers work). > The SSL rating you mentioned is basically meaningless for this problem... > all that matters is: > > a) Is the cert respected by OpenJDK > and > b) Is the cert respected by Oracle JDK > > What I see from my experiment is that the answer to #b is *no*, and so we > must get a cert from a cert authority that *is*. > > Ed > > On Mon, Mar 27, 2017 at 4:59 PM, Anil Belur <[email protected]> > wrote: > >> >> >> On Thursday 16 March 2017 03:01 AM, Andrew Grimberg wrote: >> >> On 03/13/2017 04:56 PM, Andrew Grimberg wrote: >> >> On 03/13/2017 03:15 PM, Andrew Grimberg wrote: >> >> Greetings folks, >> >> Google release Chrome 57 last week and if you happen to have updated you >> may find you can't access portions of OpenDaylight. LF is aware of this >> and will have a fix in place in by EOD today. >> >> -Andy- >> >> Greetings, >> >> The initial phase of this work is now done. All certificates except for >> Nexus have been switched over to Let's Encrypt certificates. We will be >> moving Nexus over tomorrow but as it's late in the day and we understand >> that Java can be touchy about the certs we don't want to make the change >> late in the business day even though we're certain it will work. >> >> Greetings folks, >> >> I know I said that the cert change for nexus would happen yesterday. >> However, given the issues that Jenkins was having with SNI it didn't >> happen. I have just now completed switching Nexus over to a Let's >> Encrypt (LE) certificate as well. >> >> I do not anticipate any issues given that the LE's CA is cross-signed by >> a CA that is in the Oracle JDK trust store but just in case folks using >> that JDK suddenly can't do local builds anymore, please let us know! >> >> -Andy- >> >> >> >> >> _______________________________________________ >> release mailing >> [email protected]https://lists.opendaylight.org/mailman/listinfo/release >> >> >> Hi all, >> >> Just letting everyone know, I had a chat with Andy on the issue seen by >> few people. The recent certificate changes to nexus repository as seen on >> SSL report in [1.] shows A+ grade and no issues, therefore would not >> require to import the cert chain manually. Going forward, for those who are >> still seeing the issue, we recommend sharing a dump of the CA's certs >> installed, using the following command: >> >> --[cut]-- >> <JAVA_HOME>/bin/keytool -list -v -keystore >> <JAVA_HOME>/jre/lib/security/cacerts >> > cacerts.txt >> --[/cut]-- >> >> [1.] https://www.ssllabs.com/ssltest/analyze.html?d=nexus.op >> endaylight.org&s=72.3.167.142 >> >> Thanks, >> Anil >> >> >> _______________________________________________ >> Discuss mailing list >> [email protected] >> https://lists.opendaylight.org/mailman/listinfo/discuss >> >> >
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
