I think it's also probably worth noting that we are basically talking about less than $80 a year and a small number of minutes to solve this problem:
https://ssl.comodo.com/landing/ssl/index-new03.php?af=7697&key1sk1=sem&ap=CUCSEM2017&gclid=Cj0KEQjw2fLGBRDopP-vg7PLgvsBEiQAUOnIXA9GgtA5W0JH7o0_Wt7EGiajYLoSUAxbkydr78bfzi4aAnm78P8HAQ Its not like its expensive or hard. Ed On Thu, Mar 30, 2017 at 10:09 AM, FREEMAN, BRIAN D <[email protected]> wrote: > This type of change is really terrible from my perspective. We have > developers working on production features and we cant have a situation > where they simply can’t get their job done because of something as simple > as a certificate update. This is not a research project where a few people > just need to see the note on the coffee machine that they should use joe’s > email to update their environment. > > > > We need to make sure that we don’t break the build process for developers. > I also agree that reducing barriers to entry for the community needs to be > lower not higher. > > > > My two cents is to fix the problem and put a certificate in that actually > is widely accepted by our tools. Down the road when the certificate > authority is available in the predominant tools being used a different > answer might be possible. > > > > Brian > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Colin Dixon > *Sent:* Thursday, March 30, 2017 12:51 PM > *To:* Ed Warnicke <[email protected]> > *Cc:* OpenDaylight Discuss <[email protected]>; > [email protected]; OpenDaylight Infrastructure < > [email protected]>; Vishal Thapar < > [email protected]>; Mohamed ElSerngawy <[email protected]>; > Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) < > [email protected]> > > *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes > > > > I'm somewhat on Ed's side here. A huge number of developers use Macs. Most > people will have Oracle JDKs of some kind turned on. Reasonably recent ones > aren't working. Despite this whole thread, I still don't have instructions > that have gotten the build to work on my Mac. I'll put some more cycles > into it later, but at this point I've personally lost ~2 hours to the > problem and I haven't seen clear instructions on how to fix it. :-( > > > > --Colin > > > > > > On Thu, Mar 30, 2017 at 12:39 PM, Ed Warnicke <[email protected]> wrote: > > The question is... how many people *don't* find help and just *presume* we > are broken out of the box (literally don't build for reasons that are not > obvious to most people). > > > > Ed > > > > On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar <[email protected]> > wrote: > > I helped someone else using Win7 resolve. He too got it working by getting > the certificate via browser than though commandline. One thing we noticed > that fingerprint of the two [browser vs cli] was different. I too confirmed > the same in my own setup. > > > > Would it be possible to share certificate fingerprint so all can confirm > if they got it correct or not? > > > > Regards, > > Vishal. > > > > *From:* Colin Dixon [mailto:[email protected]] > *Sent:* 30 March 2017 21:30 > *To:* Mohamed ElSerngawy <[email protected]> > *Cc:* Vishal Thapar <[email protected]>; Ed Warnicke < > [email protected]>; OpenDaylight Discuss <[email protected]>; > [email protected]; OpenDaylight Infrastructure < > [email protected]>; Daniel Malachovsky -X (dmalacho - > PANTHEON TECHNOLOGIES at Cisco) <[email protected]> > > > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > I haven't had more time to debug it since I found the issue. Hopefully > I'll have some time today. > > > > --Colin > > > > > > On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy < > [email protected]> wrote: > > Hi Colin, > > > > I have the same issue and tried all the suggested fixes but didn't work. > I'm using Mac and java 8, did u succeed to fix it ? > > > > Thanks > > > > On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho - > PANTHEON TECHNOLOGIES at Cisco) <[email protected]> wrote: > > Hi, > > > > When I followed Anil’s how-to, I had problems too. > > Then I saved certificate manually via browser in Base-64 encoded X.509 > format and ran keytool command Anil sent. Everything worked. > On Windows 7. > > > > dano > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Vishal Thapar > *Sent:* 24. marca 2017 5:13 > *To:* Colin Dixon; Ed Warnicke > *Cc:* OpenDaylight Discuss; [email protected]; OpenDaylight > Infrastructure > > > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Colin, > > > > Did you confirm the fingerprint of the certificate to make sure it is > added to keystore correctly? > > > > BTW, I have added > ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ > to my MAVEN_OPTS so I don’t need to give it manually everytime. > > > > Also, I’m using Windows, not Linux. > > > > Regards, > > Vishal. > > > > *From:* Colin Dixon [mailto:[email protected] <[email protected]>] > *Sent:* 24 March 2017 02:05 > *To:* Ed Warnicke <[email protected]> > *Cc:* Vishal Thapar <[email protected]>; OpenDaylight Discuss < > [email protected]>; [email protected]; > OpenDaylight Infrastructure <[email protected]> > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > (Dropping TSC.) > > > > Actually, I'm still working my way through this. I cannot seem to get my > Mac to trust the new ODL nexus cert. Even following Anil's suggestions > above and then trying it with -Djavax.net.ssl. > trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of > errors like: > > [WARNING] Could not transfer metadata org.opendaylight.netconf: > netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to > opendaylight-snapshot (https://nexus.opendaylight. > org/content/repositories/opendaylight.snapshot/ > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=zhOZWSM-XsqNSaDYfUWAZ5QqiUfF_TkX6rN3oAtaYbo&e=>): > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > > > > I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK > would fix it. > > > > --Colin > > > > > > On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <[email protected]> wrote: > > Do we know what the root cause is of having to use that? > > > > Ed > > > > On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <[email protected]> wrote: > > While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts > option fixes the problem, it feels like the "wrong" answer. Is there a > right answer? > > > > --Colin > > > > > > On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <[email protected]> > wrote: > > Thank you Ivan, this worked for me. > > > > *From:* Ivan Hraško [mailto:[email protected]] > *Sent:* 20 March 2017 15:44 > *To:* Vishal Thapar <[email protected]>; Anil Belur < > [email protected]> > *Cc:* [email protected]; OpenDaylight Discuss < > [email protected]>; [email protected]; > OpenDaylight Infrastructure <[email protected]> > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Hi > > > > you can try: > > > > mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/ > cacerts > > > > maybe it helps > ------------------------------ > > *Od:* Vishal Thapar <[email protected]> > *Odoslané:* 20. marca 2017 11:04 > *Komu:* Anil Belur > *Kópia:* [email protected]; OpenDaylight Discuss; > [email protected]; OpenDaylight Infrastructure > *Predmet:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Hi Anil, > > > > I got the certificate downloaded and checked my cert store to confirm > also, but still getting the same error. > > > > Regards, > > Vishal. > > > > *From:* Anil Belur [mailto:[email protected] > <[email protected]>] > *Sent:* 20 March 2017 14:48 > *To:* Vishal Thapar <[email protected]> > *Cc:* Andrew Grimberg <[email protected]>; OpenDaylight > Discuss <[email protected]>; OpenDaylight Infrastructure < > [email protected]>; [email protected]; > [email protected] > *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes > > > > > > > > On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar <[email protected]> > wrote: > > Hi Andrew, > > I am facing cert issues when trying to build locally. Does this require > any specific version of Java? Do I need to manually update certificates? > > This is what I have: > $ java -version > java version "1.8.0_60" > Java(TM) SE Runtime Environment (build 1.8.0_60-b27) > Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) > > This is the error I am getting: > > Downloading: https://nexus.opendaylight.org/content/repositories/ > opendaylight.snapshot/org/opendaylight/neutron/model/0. > 8.0-SNAPSHOT/maven-metadata.xml > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_org_opendaylight_neutron_model_0.8.0-2DSNAPSHOT_maven-2Dmetadata.xml&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=_7EA3wBrVPgD5fyf_Y4VexAtPVbSCSrOhFsW7C5C9Mg&e=> > [WARNING] Could not transfer metadata org.opendaylight.neutron: > model:0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot ( > https://nexus.opendaylight.org/content/reposit > ories/opendaylight.snapshot/ > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=zhOZWSM-XsqNSaDYfUWAZ5QqiUfF_TkX6rN3oAtaYbo&e=>): > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find vali > d certification path to requested target > > > > Hello Vishal, > > > > This possibly looks like the cert chain may not be imported into your > $JAVA_HOME key store. For fixing this, I would try downloading the cert > file and using keytool to import the certificate{s}. > > > > --[cut]-- > > openssl s_client -connect nexus.opendaylight.org:443 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nexus.opendaylight.org-3A443&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=FH6_t1pVsbX1PZCJpHvmC0iMppF7orclbkhXkcEIImU&e=> > < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > > public.crt > > <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nexus.opendaylight.org-3A443&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=FH6_t1pVsbX1PZCJpHvmC0iMppF7orclbkhXkcEIImU&e=> > -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt > > --[/cut]-- > > > > Thanks, > > Anil > > > > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.opendaylight.org/mailman/listinfo/discuss > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_discuss&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=abifMKRwH1nJqdg1D9d172UBoV3C3T6A8sWAEkSMizE&e=> > > > > > > _______________________________________________ > release mailing list > [email protected] > https://lists.opendaylight.org/mailman/listinfo/release > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_release&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=Zn_VBQtg6Bmv-j4_Ns-Ooaek88SPuH0vVtZ0boGsXec&e=> > > > > > > > _______________________________________________ > release mailing list > [email protected] > https://lists.opendaylight.org/mailman/listinfo/release > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_release&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=Zn_VBQtg6Bmv-j4_Ns-Ooaek88SPuH0vVtZ0boGsXec&e=> > > > > > > > > >
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
