Anil, Thats nice... but at the end of the day, here's the net-net... a large subset of the world's first experience trying to do ODL development is going to be that we are inexplicably broken in a cryptic way. I strongly recommend we get a cert that is supported by *any* Oracle JDK 1.8, and wait for Oracle JDK 1.8 to be deprecated for use for ODL development (typically something that happens after 1.8 itself has EOLed) *before* using a Let's Encrypt Cert.
Initial exposure matters tremendously, and a first experience of "It's broken" is not what we want. Ed On Mon, Mar 27, 2017 at 7:28 PM, Anil Belur <[email protected]> wrote: > > > On Tuesday 28 March 2017 11:41 AM, Ed Warnicke wrote: > > Anil, > > > > That's OpenJDK. The cert has to be recognized by Oracle JDK as well. It > > is not. > > > > Ed > > > > On Mon, Mar 27, 2017 at 6:29 PM, Anil Belur <[email protected]> > > wrote: > > > >> > >> Hello Ed, > >> > >> With a more recent version of JDK shows IdenTrust is available which is > >> intermediate CA being used is available in [1.]. > >> > >> # keytool -list -v -keystore > >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3. > >> x86_64/jre/lib/security/cacerts > >> | grep 'Issuer:' | grep 'CN=IdenTrust' > >> ... > >> Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US > >> Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US > >> Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. > >> > >> We would recommend updating the more latest version of JDK, and let us > >> know if this resolves the issue. > >> > >> [1.] https://bugs.openjdk.java.net/browse/JDK-8161008 > >> > >> Thanks, > >> Anil > >> > >> > > Ed, Please refer to output with Oracle JDK (jdk1.8.0_121) below: > > # /usr/java/jdk1.8.0_121/bin/keytool -list -v -keystore > /usr/java/jdk1.8.0_121/jre/lib/security/cacerts | grep 'Issuer:' | egrep > '(Iden|DST)' > Enter keystore password: > > Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US > Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. > Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US > > Let us know if this works. My apologies for the confusion. > > Thanks, > Anil > > >
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
