This is my working fingerprint, check if you have same one. nexus.opendaylight.org:443, 21.3.2017, trustedCertEntry, Certificate fingerprint (SHA1): F1:5B:47:84:58:F9:19:EF:E7:DF:CB:DE:1C:AB:7B:4A:0E:70:46:D2
I checked certificate downloaded via command from Anil’s email down below and certificate downloaded via browser. They were different. But I’m on win7. Dano From: Colin Dixon [mailto:[email protected]] Sent: 30. marca 2017 18:51 To: Ed Warnicke Cc: Vishal Thapar; Mohamed ElSerngawy; OpenDaylight Discuss; [email protected]; OpenDaylight Infrastructure; Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) Subject: Re: [release] [OpenDaylight Discuss] Certificate changes I'm somewhat on Ed's side here. A huge number of developers use Macs. Most people will have Oracle JDKs of some kind turned on. Reasonably recent ones aren't working. Despite this whole thread, I still don't have instructions that have gotten the build to work on my Mac. I'll put some more cycles into it later, but at this point I've personally lost ~2 hours to the problem and I haven't seen clear instructions on how to fix it. :-( --Colin On Thu, Mar 30, 2017 at 12:39 PM, Ed Warnicke <[email protected]<mailto:[email protected]>> wrote: The question is... how many people *don't* find help and just *presume* we are broken out of the box (literally don't build for reasons that are not obvious to most people). Ed On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: I helped someone else using Win7 resolve. He too got it working by getting the certificate via browser than though commandline. One thing we noticed that fingerprint of the two [browser vs cli] was different. I too confirmed the same in my own setup. Would it be possible to share certificate fingerprint so all can confirm if they got it correct or not? Regards, Vishal. From: Colin Dixon [mailto:[email protected]<mailto:[email protected]>] Sent: 30 March 2017 21:30 To: Mohamed ElSerngawy <[email protected]<mailto:[email protected]>> Cc: Vishal Thapar <[email protected]<mailto:[email protected]>>; Ed Warnicke <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>>; Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes I haven't had more time to debug it since I found the issue. Hopefully I'll have some time today. --Colin On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy <[email protected]<mailto:[email protected]>> wrote: Hi Colin, I have the same issue and tried all the suggested fixes but didn't work. I'm using Mac and java 8, did u succeed to fix it ? Thanks On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) <[email protected]<mailto:[email protected]>> wrote: Hi, When I followed Anil’s how-to, I had problems too. Then I saved certificate manually via browser in Base-64 encoded X.509 format and ran keytool command Anil sent. Everything worked. On Windows 7. dano From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Vishal Thapar Sent: 24. marca 2017 5:13 To: Colin Dixon; Ed Warnicke Cc: OpenDaylight Discuss; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Colin, Did you confirm the fingerprint of the certificate to make sure it is added to keystore correctly? BTW, I have added ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ to my MAVEN_OPTS so I don’t need to give it manually everytime. Also, I’m using Windows, not Linux. Regards, Vishal. From: Colin Dixon [mailto:[email protected]] Sent: 24 March 2017 02:05 To: Ed Warnicke <[email protected]<mailto:[email protected]>> Cc: Vishal Thapar <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes (Dropping TSC.) Actually, I'm still working my way through this. I cannot seem to get my Mac to trust the new ODL nexus cert. Even following Anil's suggestions above and then trying it with -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors like: [WARNING] Could not transfer metadata org.opendaylight.netconf:netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK would fix it. --Colin On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <[email protected]<mailto:[email protected]>> wrote: Do we know what the root cause is of having to use that? Ed On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <[email protected]<mailto:[email protected]>> wrote: While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts option fixes the problem, it feels like the "wrong" answer. Is there a right answer? --Colin On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Thank you Ivan, this worked for me. From: Ivan Hraško [mailto:[email protected]<mailto:[email protected]>] Sent: 20 March 2017 15:44 To: Vishal Thapar <[email protected]<mailto:[email protected]>>; Anil Belur <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>> Subject: Re: [release] [OpenDaylight Discuss] Certificate changes Hi you can try: mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts maybe it helps ________________________________ Od: Vishal Thapar <[email protected]<mailto:[email protected]>> Odoslané: 20. marca 2017 11:04 Komu: Anil Belur Kópia: [email protected]<mailto:[email protected]>; OpenDaylight Discuss; [email protected]<mailto:[email protected]>; OpenDaylight Infrastructure Predmet: Re: [release] [OpenDaylight Discuss] Certificate changes Hi Anil, I got the certificate downloaded and checked my cert store to confirm also, but still getting the same error. Regards, Vishal. From: Anil Belur [mailto:[email protected]] Sent: 20 March 2017 14:48 To: Vishal Thapar <[email protected]<mailto:[email protected]>> Cc: Andrew Grimberg <[email protected]<mailto:[email protected]>>; OpenDaylight Discuss <[email protected]<mailto:[email protected]>>; OpenDaylight Infrastructure <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: Re: [OpenDaylight Discuss] [release] Certificate changes On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar <[email protected]<mailto:[email protected]>> wrote: Hi Andrew, I am facing cert issues when trying to build locally. Does this require any specific version of Java? Do I need to manually update certificates? This is what I have: $ java -version java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) This is the error I am getting: Downloading: https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/org/opendaylight/neutron/model/0.8.0-SNAPSHOT/maven-metadata.xml [WARNING] Could not transfer metadata org.opendaylight.neutron:model:0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot (https://nexus.opendaylight.org/content/reposit ories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target Hello Vishal, This possibly looks like the cert chain may not be imported into your $JAVA_HOME key store. For fixing this, I would try downloading the cert file and using keytool to import the certificate{s}. --[cut]-- openssl s_client -connect nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443<http://nexus.opendaylight.org:443> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt --[/cut]-- Thanks, Anil _______________________________________________ Discuss mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/discuss _______________________________________________ release mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/release _______________________________________________ release mailing list [email protected]<mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/release
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
