I helped someone else using Win7 resolve. He too got it working by getting the certificate via browser than though commandline. One thing we noticed that fingerprint of the two [browser vs cli] was different. I too confirmed the same in my own setup.
Would it be possible to share certificate fingerprint so all can confirm if they got it correct or not? Regards, Vishal. From: Colin Dixon [mailto:[email protected]] Sent: 30 March 2017 21:30 To: Mohamed ElSerngawy <[email protected]> Cc: Vishal Thapar <[email protected]>; Ed Warnicke <[email protected]>; OpenDaylight Discuss <[email protected]>; [email protected]; OpenDaylight Infrastructure <[email protected]>; Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) <[email protected]> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes I haven't had more time to debug it since I found the issue. Hopefully I'll have some time today. --Colin On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy <[email protected]<mailto:[email protected]>> wrote: Hi Colin, I have the same issue and tried all the suggested fixes but didn't work. I'm using Mac and java 8, did u succeed to fix it ? Thanks On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) <[email protected]<mailto:[email protected]>> wrote: Hi, When I followed Anil’s how-to, I had problems too. Then I saved certificate manually via browser in Base-64 encoded X.509 format and ran keytool command Anil sent. Everything worked. On Windows 7. dano From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Vishal Thapar Sent: 24. marca 2017 5:13 To: Colin Dixon; Ed Warnicke Cc: OpenDaylight Discuss; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Colin, Did you confirm the fingerprint of the certificate to make sure it is added to keystore correctly? BTW, I have added ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ to my MAVEN_OPTS so I don’t need to give it manually everytime. Also, I’m using Windows, not Linux. Regards, Vishal. From: Colin Dixon [mailto:[email protected]] Sent: 24 March 2017 02:05 To: Ed Warnicke <[email protected]<mailto:[email protected]>> Cc: Vishal Thapar <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes (Dropping TSC.) Actually, I'm still working my way through this. I cannot seem to get my Mac to trust the new ODL nexus cert. Even following Anil's suggestions above and then trying it with -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors like: [WARNING] Could not transfer metadata org.opendaylight.netconf:netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK would fix it. --Colin On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <[email protected]<mailto:[email protected]>> wrote: Do we know what the root cause is of having to use that? Ed On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <[email protected]<mailto:[email protected]>> wrote: While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts option fixes the problem, it feels like the "wrong" answer. Is there a right answer? --Colin On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Thank you Ivan, this worked for me. From: Ivan Hraško [mailto:[email protected]<mailto:[email protected]>] Sent: 20 March 2017 15:44 To: Vishal Thapar <[email protected]<mailto:[email protected]>>; Anil Belur <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Hi you can try: mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts maybe it helps ________________________________ Od: Vishal Thapar <[email protected]<mailto:[email protected]>> Odoslané: 20. marca 2017 11:04 Komu: Anil Belur Kópia: [email protected]<mailto:[email protected]>; OpenDaylight Discuss; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure Predmet: Re: [release] [OpenDaylight Discuss] Certificate changes Hi Anil, I got the certificate downloaded and checked my cert store to confirm also, but still getting the same error. Regards, Vishal. From: Anil Belur [mailto:[email protected]] Sent: 20 March 2017 14:48 To: Vishal Thapar <[email protected]<mailto:[email protected]>> Cc: Andrew Grimberg <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: Re: [OpenDaylight Discuss] [release] Certificate changes On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Hi Andrew, I am facing cert issues when trying to build locally. Does this require any specific version of Java? Do I need to manually update certificates? This is what I have: $ java -version java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) This is the error I am getting: Downloading: https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/org/opendaylight/neutron/model/0.8.0-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata org.opendaylight.neutron:model:0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/reposit ories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target Hello Vishal, This possibly looks like the cert chain may not be imported into your $JAVA_HOME key store. For fixing this, I would try downloading the cert file and using keytool to import the certificate{s}. --[cut]-- openssl s_client -connect nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt --[/cut]-- Thanks, Anil _______________________________________________ Discuss mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/discuss _______________________________________________ release mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/release _______________________________________________ release mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/release
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
