(Dropping TSC.) Actually, I'm still working my way through this. I cannot seem to get my Mac to trust the new ODL nexus cert. Even following Anil's suggestions above and then trying it with -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors like: [WARNING] Could not transfer metadata org.opendaylight.netconf:netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot ( https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK would fix it. --Colin On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <hagb...@gmail.com> wrote: > Do we know what the root cause is of having to use that? > > Ed > > On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <co...@colindixon.com> wrote: > >> While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts >> option fixes the problem, it feels like the "wrong" answer. Is there a >> right answer? >> >> --Colin >> >> >> On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar < >> vishal.tha...@ericsson.com> wrote: >> >>> Thank you Ivan, this worked for me. >>> >>> >>> >>> *From:* Ivan Hraško [mailto:ivan.hra...@pantheon.tech] >>> *Sent:* 20 March 2017 15:44 >>> *To:* Vishal Thapar <vishal.tha...@ericsson.com>; Anil Belur < >>> abe...@linuxfoundation.org> >>> *Cc:* t...@lists.opendaylight.org; OpenDaylight Discuss < >>> disc...@lists.opendaylight.org>; rele...@lists.opendaylight.org; >>> OpenDaylight Infrastructure <infrastructure@lists.opendaylight.org> >>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes >>> >>> >>> >>> Hi >>> >>> >>> >>> you can try: >>> >>> >>> >>> mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME >>> /jre/lib/security/cacerts >>> >>> >>> >>> maybe it helps >>> ------------------------------ >>> >>> *Od:* Vishal Thapar <vishal.tha...@ericsson.com> >>> *Odoslané:* 20. marca 2017 11:04 >>> *Komu:* Anil Belur >>> *Kópia:* t...@lists.opendaylight.org; OpenDaylight Discuss; >>> rele...@lists.opendaylight.org; OpenDaylight Infrastructure >>> *Predmet:* Re: [release] [OpenDaylight Discuss] Certificate changes >>> >>> >>> >>> Hi Anil, >>> >>> >>> >>> I got the certificate downloaded and checked my cert store to confirm >>> also, but still getting the same error. >>> >>> >>> >>> Regards, >>> >>> Vishal. >>> >>> >>> >>> *From:* Anil Belur [mailto:abe...@linuxfoundation.org >>> <abe...@linuxfoundation.org>] >>> *Sent:* 20 March 2017 14:48 >>> *To:* Vishal Thapar <vishal.tha...@ericsson.com> >>> *Cc:* Andrew Grimberg <agrimb...@linuxfoundation.org>; OpenDaylight >>> Discuss <disc...@lists.opendaylight.org>; OpenDaylight Infrastructure < >>> infrastructure@lists.opendaylight.org>; rele...@lists.opendaylight.org; >>> t...@lists.opendaylight.org >>> *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes >>> >>> >>> >>> >>> >>> >>> >>> On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar < >>> vishal.tha...@ericsson.com> wrote: >>> >>> Hi Andrew, >>> >>> I am facing cert issues when trying to build locally. Does this require >>> any specific version of Java? Do I need to manually update certificates? >>> >>> This is what I have: >>> $ java -version >>> java version "1.8.0_60" >>> Java(TM) SE Runtime Environment (build 1.8.0_60-b27) >>> Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) >>> >>> This is the error I am getting: >>> >>> Downloading: https://nexus.opendaylight.org >>> /content/repositories/opendaylight.snapshot/org/opendaylight >>> /neutron/model/0.8.0-SNAPSHOT/maven-metadata.xml >>> [WARNING] Could not transfer metadata org.opendaylight.neutron:model >>> :0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot ( >>> https://nexus.opendaylight.org/content/reposit >>> ories/opendaylight.snapshot/ >>> <https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/>): >>> sun.security.validator.ValidatorException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find vali >>> d certification path to requested target >>> >>> >>> >>> Hello Vishal, >>> >>> >>> >>> This possibly looks like the cert chain may not be imported into your >>> $JAVA_HOME key store. For fixing this, I would try downloading the cert >>> file and using keytool to import the certificate{s}. >>> >>> >>> >>> --[cut]-- >>> >>> openssl s_client -connect nexus.opendaylight.org:443 < /dev/null | sed >>> -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt >>> >>> <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443 -keystore >>> <JAVA_HOME>/jre/lib/security/cacerts -file public.crt >>> >>> --[/cut]-- >>> >>> >>> >>> Thanks, >>> >>> Anil >>> >>> _______________________________________________ >>> Discuss mailing list >>> disc...@lists.opendaylight.org >>> https://lists.opendaylight.org/mailman/listinfo/discuss >>> >>> >> >> _______________________________________________ >> release mailing list >> rele...@lists.opendaylight.org >> https://lists.opendaylight.org/mailman/listinfo/release >> >> >
_______________________________________________ infrastructure mailing list infrastructure@lists.opendaylight.org https://lists.opendaylight.org/mailman/listinfo/infrastructure