I think it's also probably worth noting that we are basically talking about less than $80 a year and a small number of minutes to solve this problem:
https://ssl.comodo.com/landing/ssl/index-new03.php?af=7697&key1sk1=sem&ap=CUCSEM2017&gclid=Cj0KEQjw2fLGBRDopP-vg7PLgvsBEiQAUOnIXA9GgtA5W0JH7o0_Wt7EGiajYLoSUAxbkydr78bfzi4aAnm78P8HAQ Its not like its expensive or hard. Ed On Thu, Mar 30, 2017 at 10:09 AM, FREEMAN, BRIAN D <bf1...@att.com> wrote: > This type of change is really terrible from my perspective. We have > developers working on production features and we cant have a situation > where they simply can’t get their job done because of something as simple > as a certificate update. This is not a research project where a few people > just need to see the note on the coffee machine that they should use joe’s > email to update their environment. > > > > We need to make sure that we don’t break the build process for developers. > I also agree that reducing barriers to entry for the community needs to be > lower not higher. > > > > My two cents is to fix the problem and put a certificate in that actually > is widely accepted by our tools. Down the road when the certificate > authority is available in the predominant tools being used a different > answer might be possible. > > > > Brian > > > > > > > > *From:* discuss-boun...@lists.opendaylight.org [mailto: > discuss-boun...@lists.opendaylight.org] *On Behalf Of *Colin Dixon > *Sent:* Thursday, March 30, 2017 12:51 PM > *To:* Ed Warnicke <hagb...@gmail.com> > *Cc:* OpenDaylight Discuss <disc...@lists.opendaylight.org>; > rele...@lists.opendaylight.org; OpenDaylight Infrastructure < > infrastructure@lists.opendaylight.org>; Vishal Thapar < > vishal.tha...@ericsson.com>; Mohamed ElSerngawy <melserng...@inocybe.ca>; > Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) < > dmala...@cisco.com> > > *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes > > > > I'm somewhat on Ed's side here. A huge number of developers use Macs. Most > people will have Oracle JDKs of some kind turned on. Reasonably recent ones > aren't working. Despite this whole thread, I still don't have instructions > that have gotten the build to work on my Mac. I'll put some more cycles > into it later, but at this point I've personally lost ~2 hours to the > problem and I haven't seen clear instructions on how to fix it. :-( > > > > --Colin > > > > > > On Thu, Mar 30, 2017 at 12:39 PM, Ed Warnicke <hagb...@gmail.com> wrote: > > The question is... how many people *don't* find help and just *presume* we > are broken out of the box (literally don't build for reasons that are not > obvious to most people). > > > > Ed > > > > On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar <vishal.tha...@ericsson.com> > wrote: > > I helped someone else using Win7 resolve. He too got it working by getting > the certificate via browser than though commandline. One thing we noticed > that fingerprint of the two [browser vs cli] was different. I too confirmed > the same in my own setup. > > > > Would it be possible to share certificate fingerprint so all can confirm > if they got it correct or not? > > > > Regards, > > Vishal. > > > > *From:* Colin Dixon [mailto:co...@colindixon.com] > *Sent:* 30 March 2017 21:30 > *To:* Mohamed ElSerngawy <melserng...@inocybe.ca> > *Cc:* Vishal Thapar <vishal.tha...@ericsson.com>; Ed Warnicke < > hagb...@gmail.com>; OpenDaylight Discuss <disc...@lists.opendaylight.org>; > rele...@lists.opendaylight.org; OpenDaylight Infrastructure < > infrastructure@lists.opendaylight.org>; Daniel Malachovsky -X (dmalacho - > PANTHEON TECHNOLOGIES at Cisco) <dmala...@cisco.com> > > > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > I haven't had more time to debug it since I found the issue. Hopefully > I'll have some time today. > > > > --Colin > > > > > > On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy < > melserng...@inocybe.ca> wrote: > > Hi Colin, > > > > I have the same issue and tried all the suggested fixes but didn't work. > I'm using Mac and java 8, did u succeed to fix it ? > > > > Thanks > > > > On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho - > PANTHEON TECHNOLOGIES at Cisco) <dmala...@cisco.com> wrote: > > Hi, > > > > When I followed Anil’s how-to, I had problems too. > > Then I saved certificate manually via browser in Base-64 encoded X.509 > format and ran keytool command Anil sent. Everything worked. > On Windows 7. > > > > dano > > > > *From:* release-boun...@lists.opendaylight.org [mailto: > release-boun...@lists.opendaylight.org] *On Behalf Of *Vishal Thapar > *Sent:* 24. marca 2017 5:13 > *To:* Colin Dixon; Ed Warnicke > *Cc:* OpenDaylight Discuss; rele...@lists.opendaylight.org; OpenDaylight > Infrastructure > > > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Colin, > > > > Did you confirm the fingerprint of the certificate to make sure it is > added to keystore correctly? > > > > BTW, I have added > ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ > to my MAVEN_OPTS so I don’t need to give it manually everytime. > > > > Also, I’m using Windows, not Linux. > > > > Regards, > > Vishal. > > > > *From:* Colin Dixon [mailto:co...@colindixon.com <co...@colindixon.com>] > *Sent:* 24 March 2017 02:05 > *To:* Ed Warnicke <hagb...@gmail.com> > *Cc:* Vishal Thapar <vishal.tha...@ericsson.com>; OpenDaylight Discuss < > disc...@lists.opendaylight.org>; rele...@lists.opendaylight.org; > OpenDaylight Infrastructure <infrastructure@lists.opendaylight.org> > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > (Dropping TSC.) > > > > Actually, I'm still working my way through this. I cannot seem to get my > Mac to trust the new ODL nexus cert. Even following Anil's suggestions > above and then trying it with -Djavax.net.ssl. > trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of > errors like: > > [WARNING] Could not transfer metadata org.opendaylight.netconf: > netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to > opendaylight-snapshot (https://nexus.opendaylight. > org/content/repositories/opendaylight.snapshot/ > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=zhOZWSM-XsqNSaDYfUWAZ5QqiUfF_TkX6rN3oAtaYbo&e=>): > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > > > > I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK > would fix it. > > > > --Colin > > > > > > On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke <hagb...@gmail.com> wrote: > > Do we know what the root cause is of having to use that? > > > > Ed > > > > On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon <co...@colindixon.com> wrote: > > While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts > option fixes the problem, it feels like the "wrong" answer. Is there a > right answer? > > > > --Colin > > > > > > On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <vishal.tha...@ericsson.com> > wrote: > > Thank you Ivan, this worked for me. > > > > *From:* Ivan Hraško [mailto:ivan.hra...@pantheon.tech] > *Sent:* 20 March 2017 15:44 > *To:* Vishal Thapar <vishal.tha...@ericsson.com>; Anil Belur < > abe...@linuxfoundation.org> > *Cc:* t...@lists.opendaylight.org; OpenDaylight Discuss < > disc...@lists.opendaylight.org>; rele...@lists.opendaylight.org; > OpenDaylight Infrastructure <infrastructure@lists.opendaylight.org> > *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Hi > > > > you can try: > > > > mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/ > cacerts > > > > maybe it helps > ------------------------------ > > *Od:* Vishal Thapar <vishal.tha...@ericsson.com> > *Odoslané:* 20. marca 2017 11:04 > *Komu:* Anil Belur > *Kópia:* t...@lists.opendaylight.org; OpenDaylight Discuss; > rele...@lists.opendaylight.org; OpenDaylight Infrastructure > *Predmet:* Re: [release] [OpenDaylight Discuss] Certificate changes > > > > Hi Anil, > > > > I got the certificate downloaded and checked my cert store to confirm > also, but still getting the same error. > > > > Regards, > > Vishal. > > > > *From:* Anil Belur [mailto:abe...@linuxfoundation.org > <abe...@linuxfoundation.org>] > *Sent:* 20 March 2017 14:48 > *To:* Vishal Thapar <vishal.tha...@ericsson.com> > *Cc:* Andrew Grimberg <agrimb...@linuxfoundation.org>; OpenDaylight > Discuss <disc...@lists.opendaylight.org>; OpenDaylight Infrastructure < > infrastructure@lists.opendaylight.org>; rele...@lists.opendaylight.org; > t...@lists.opendaylight.org > *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes > > > > > > > > On Mon, Mar 20, 2017 at 5:41 PM, Vishal Thapar <vishal.tha...@ericsson.com> > wrote: > > Hi Andrew, > > I am facing cert issues when trying to build locally. Does this require > any specific version of Java? Do I need to manually update certificates? > > This is what I have: > $ java -version > java version "1.8.0_60" > Java(TM) SE Runtime Environment (build 1.8.0_60-b27) > Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) > > This is the error I am getting: > > Downloading: https://nexus.opendaylight.org/content/repositories/ > opendaylight.snapshot/org/opendaylight/neutron/model/0. > 8.0-SNAPSHOT/maven-metadata.xml > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_org_opendaylight_neutron_model_0.8.0-2DSNAPSHOT_maven-2Dmetadata.xml&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=_7EA3wBrVPgD5fyf_Y4VexAtPVbSCSrOhFsW7C5C9Mg&e=> > [WARNING] Could not transfer metadata org.opendaylight.neutron: > model:0.8.0-SNAPSHOT/maven-metadata.xml from/to opendaylight-snapshot ( > https://nexus.opendaylight.org/content/reposit > ories/opendaylight.snapshot/ > <https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.opendaylight.org_content_repositories_opendaylight.snapshot_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=zhOZWSM-XsqNSaDYfUWAZ5QqiUfF_TkX6rN3oAtaYbo&e=>): > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find vali > d certification path to requested target > > > > Hello Vishal, > > > > This possibly looks like the cert chain may not be imported into your > $JAVA_HOME key store. For fixing this, I would try downloading the cert > file and using keytool to import the certificate{s}. > > > > --[cut]-- > > openssl s_client -connect nexus.opendaylight.org:443 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nexus.opendaylight.org-3A443&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=FH6_t1pVsbX1PZCJpHvmC0iMppF7orclbkhXkcEIImU&e=> > < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > > public.crt > > <JAVA_HOME>/bin/keytool -import -alias nexus.opendaylight.org:443 > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nexus.opendaylight.org-3A443&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=FH6_t1pVsbX1PZCJpHvmC0iMppF7orclbkhXkcEIImU&e=> > -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt > > --[/cut]-- > > > > Thanks, > > Anil > > > > _______________________________________________ > Discuss mailing list > disc...@lists.opendaylight.org > https://lists.opendaylight.org/mailman/listinfo/discuss > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_discuss&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=abifMKRwH1nJqdg1D9d172UBoV3C3T6A8sWAEkSMizE&e=> > > > > > > _______________________________________________ > release mailing list > rele...@lists.opendaylight.org > https://lists.opendaylight.org/mailman/listinfo/release > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_release&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=Zn_VBQtg6Bmv-j4_Ns-Ooaek88SPuH0vVtZ0boGsXec&e=> > > > > > > > _______________________________________________ > release mailing list > rele...@lists.opendaylight.org > https://lists.opendaylight.org/mailman/listinfo/release > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.opendaylight.org_mailman_listinfo_release&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=uBj55npKdZzmknZBH8T6rA_mnkjvhm46lTDniL9KvBM&s=Zn_VBQtg6Bmv-j4_Ns-Ooaek88SPuH0vVtZ0boGsXec&e=> > > > > > > > > >
_______________________________________________ infrastructure mailing list infrastructure@lists.opendaylight.org https://lists.opendaylight.org/mailman/listinfo/infrastructure