Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Ryan Goulding 
+1.

Regards,

Ryan Goulding

On Thu, Mar 30, 2017 at 6:12 PM, Ed Warnicke  wrote:

> I think it's also probably worth noting that we are basically talking
> about less than $80 a year and a small number of minutes to solve
> this problem:
>
> https://ssl.comodo.com/landing/ssl/index-new03.php?af=7697=sem=
> CUCSEM2017=Cj0KEQjw2fLGBRDopP-vg7PLgvsBEiQAUOnIXA9GgtA5W0JH7o0_
> Wt7EGiajYLoSUAxbkydr78bfzi4aAnm78P8HAQ
>
> Its not like its expensive or hard.
>
> Ed
>
> On Thu, Mar 30, 2017 at 10:09 AM, FREEMAN, BRIAN D  wrote:
>
>> This type of change is really terrible from my perspective. We have
>> developers working on production features and we cant have a situation
>> where they simply can’t get their job done because of something as simple
>> as a certificate update. This is not a research project where a few people
>> just need to see the note on the coffee machine that they should use  joe’s
>> email to update their environment.
>>
>>
>>
>> We need to make sure that we don’t break the build process for
>> developers. I also agree that reducing barriers to entry for the community
>> needs to be lower not higher.
>>
>>
>>
>> My two cents is to fix the problem and put a certificate in that actually
>> is widely accepted by our tools. Down the road when the certificate
>> authority is available in the predominant tools being used a different
>> answer might be possible.
>>
>>
>>
>> Brian
>>
>>
>>
>>
>>
>>
>>
>> *From:* discuss-boun...@lists.opendaylight.org [mailto:
>> discuss-boun...@lists.opendaylight.org] *On Behalf Of *Colin Dixon
>> *Sent:* Thursday, March 30, 2017 12:51 PM
>> *To:* Ed Warnicke 
>> *Cc:* OpenDaylight Discuss ;
>> rele...@lists.opendaylight.org; OpenDaylight Infrastructure <
>> infrastruct...@lists.opendaylight.org>; Vishal Thapar <
>> vishal.tha...@ericsson.com>; Mohamed ElSerngawy ;
>> Daniel Malachovsky -X (dmalacho - PANTHEON TECHNOLOGIES at Cisco) <
>> dmala...@cisco.com>
>>
>> *Subject:* Re: [OpenDaylight Discuss] [release] Certificate changes
>>
>>
>>
>> I'm somewhat on Ed's side here. A huge number of developers use Macs.
>> Most people will have Oracle JDKs of some kind turned on. Reasonably recent
>> ones aren't working. Despite this whole thread, I still don't have
>> instructions that have gotten the build to work on my Mac. I'll put some
>> more cycles into it later, but at this point I've personally lost ~2 hours
>> to the problem and I haven't seen clear instructions on how to fix it. :-(
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Thu, Mar 30, 2017 at 12:39 PM, Ed Warnicke  wrote:
>>
>> The question is... how many people *don't* find help and just *presume*
>> we are broken out of the box (literally don't build for reasons that are
>> not obvious to most people).
>>
>>
>>
>> Ed
>>
>>
>>
>> On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar <
>> vishal.tha...@ericsson.com> wrote:
>>
>> I helped someone else using Win7 resolve. He too got it working by
>> getting the certificate via browser than though commandline. One thing we
>> noticed that fingerprint of the two [browser vs cli] was different. I too
>> confirmed the same in my own setup.
>>
>>
>>
>> Would it be possible to share certificate fingerprint so all can confirm
>> if they got it correct or not?
>>
>>
>>
>> Regards,
>>
>> Vishal.
>>
>>
>>
>> *From:* Colin Dixon [mailto:co...@colindixon.com]
>> *Sent:* 30 March 2017 21:30
>> *To:* Mohamed ElSerngawy 
>> *Cc:* Vishal Thapar ; Ed Warnicke <
>> hagb...@gmail.com>; OpenDaylight Discuss ;
>> rele...@lists.opendaylight.org; OpenDaylight Infrastructure <
>> infrastruct...@lists.opendaylight.org>; Daniel Malachovsky -X (dmalacho
>> - PANTHEON TECHNOLOGIES at Cisco) 
>>
>>
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> I haven't had more time to debug it since I found the issue. Hopefully
>> I'll have some time today.
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy <
>> melserng...@inocybe.ca> wrote:
>>
>> Hi Colin,
>>
>>
>>
>> I have the same issue and tried all the suggested fixes but didn't work.
>> I'm using Mac and java 8, did u succeed to fix it ?
>>
>>
>>
>> Thanks
>>
>>
>>
>> On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho -
>> PANTHEON TECHNOLOGIES at Cisco)  wrote:
>>
>> Hi,
>>
>>
>>
>> When I followed Anil’s how-to, I had problems too.
>>
>> Then I saved certificate manually via browser in Base-64 encoded X.509
>> format and ran keytool command Anil sent. Everything worked.
>> On Windows 7.
>>
>>
>>
>> dano
>>
>>
>>
>> *From:* release-boun...@lists.opendaylight.org [mailto:
>> release-boun...@lists.opendaylight.org] *On Behalf Of *Vishal Thapar
>> *Sent:* 24. marca 2017 5:13
>> *To:* Colin Dixon; Ed Warnicke
>> *Cc:*

[OpenDaylight Discuss] No TSC call next week (4/6) because of ONS

2017-03-30 Thread Colin Dixon 
As decided here:
https://meetings.opendaylight.org/opendaylight-meeting/2017/tsc/opendaylight-meeting-tsc.2017-03-16-17.00.html

See point 3.h.

Cheers,
--Colin
___
Discuss mailing list
Discuss@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/discuss

[OpenDaylight Discuss] TSC meeting minutes for 3/30/17

2017-03-30 Thread Colin Dixon 
The TSC met for an hour on Thursday, March 30th. Complete minutes can be
found here:
https://meetings.opendaylight.org/opendaylight-meeting/2017/tsc/opendaylight-meeting-tsc.2017-03-30-17.03.html

Major topics included:
* Working toward releasing Boron-SR3, hopefully today or tomorrow
* Discussing the Carbon release and in particular work migrating to Karaf 4
* Discussing experimenting with Zoom as an alternative to WebEx for
conference calls

Cheers,
--Colin
___
Discuss mailing list
Discuss@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/discuss

Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Colin Dixon 
I'm somewhat on Ed's side here. A huge number of developers use Macs. Most
people will have Oracle JDKs of some kind turned on. Reasonably recent ones
aren't working. Despite this whole thread, I still don't have instructions
that have gotten the build to work on my Mac. I'll put some more cycles
into it later, but at this point I've personally lost ~2 hours to the
problem and I haven't seen clear instructions on how to fix it. :-(

--Colin


On Thu, Mar 30, 2017 at 12:39 PM, Ed Warnicke  wrote:

> The question is... how many people *don't* find help and just *presume* we
> are broken out of the box (literally don't build for reasons that are not
> obvious to most people).
>
> Ed
>
> On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar  > wrote:
>
>> I helped someone else using Win7 resolve. He too got it working by
>> getting the certificate via browser than though commandline. One thing we
>> noticed that fingerprint of the two [browser vs cli] was different. I too
>> confirmed the same in my own setup.
>>
>>
>>
>> Would it be possible to share certificate fingerprint so all can confirm
>> if they got it correct or not?
>>
>>
>>
>> Regards,
>>
>> Vishal.
>>
>>
>>
>> *From:* Colin Dixon [mailto:co...@colindixon.com]
>> *Sent:* 30 March 2017 21:30
>> *To:* Mohamed ElSerngawy 
>> *Cc:* Vishal Thapar ; Ed Warnicke <
>> hagb...@gmail.com>; OpenDaylight Discuss ;
>> rele...@lists.opendaylight.org; OpenDaylight Infrastructure <
>> infrastruct...@lists.opendaylight.org>; Daniel Malachovsky -X (dmalacho
>> - PANTHEON TECHNOLOGIES at Cisco) 
>>
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> I haven't had more time to debug it since I found the issue. Hopefully
>> I'll have some time today.
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy <
>> melserng...@inocybe.ca> wrote:
>>
>> Hi Colin,
>>
>>
>>
>> I have the same issue and tried all the suggested fixes but didn't work.
>> I'm using Mac and java 8, did u succeed to fix it ?
>>
>>
>>
>> Thanks
>>
>>
>>
>> On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho -
>> PANTHEON TECHNOLOGIES at Cisco)  wrote:
>>
>> Hi,
>>
>>
>>
>> When I followed Anil’s how-to, I had problems too.
>>
>> Then I saved certificate manually via browser in Base-64 encoded X.509
>> format and ran keytool command Anil sent. Everything worked.
>> On Windows 7.
>>
>>
>>
>> dano
>>
>>
>>
>> *From:* release-boun...@lists.opendaylight.org [mailto:
>> release-boun...@lists.opendaylight.org] *On Behalf Of *Vishal Thapar
>> *Sent:* 24. marca 2017 5:13
>> *To:* Colin Dixon; Ed Warnicke
>> *Cc:* OpenDaylight Discuss; rele...@lists.opendaylight.org; OpenDaylight
>> Infrastructure
>>
>>
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> Colin,
>>
>>
>>
>> Did you confirm the fingerprint of the certificate to make sure it is
>> added to keystore correctly?
>>
>>
>>
>> BTW, I have added ‘-Djavax.net.ssl.trustStore=$J
>> AVA_HOME/jre/lib/security/cacerts’ to my MAVEN_OPTS so I don’t need to
>> give it manually everytime.
>>
>>
>>
>> Also, I’m using Windows, not Linux.
>>
>>
>>
>> Regards,
>>
>> Vishal.
>>
>>
>>
>> *From:* Colin Dixon [mailto:co...@colindixon.com ]
>> *Sent:* 24 March 2017 02:05
>> *To:* Ed Warnicke 
>> *Cc:* Vishal Thapar ; OpenDaylight Discuss <
>> discuss@lists.opendaylight.org>; rele...@lists.opendaylight.org;
>> OpenDaylight Infrastructure 
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> (Dropping TSC.)
>>
>>
>>
>> Actually, I'm still working my way through this. I cannot seem to get my
>> Mac to trust the new ODL nexus cert. Even following Anil's suggestions
>> above and then trying it with -Djavax.net.ssl.trustStor
>> e=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors
>> like:
>>
>> [WARNING] Could not transfer metadata org.opendaylight.netconf:netco
>> nf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to
>> opendaylight-snapshot (https://nexus.opendaylight.or
>> g/content/repositories/opendaylight.snapshot/):
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>>
>>
>>
>> I'll keep shaving the Yak for a bit. I suspect moving to Linux and
>> OpenJDK would fix it.
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke  wrote:
>>
>> Do we know what the root cause is of having to use that?
>>
>>
>>
>> Ed
>>
>>
>>
>> On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon 
>> wrote:
>>
>> While the

Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Ed Warnicke 
The question is... how many people *don't* find help and just *presume* we
are broken out of the box (literally don't build for reasons that are not
obvious to most people).

Ed

On Thu, Mar 30, 2017 at 9:05 AM, Vishal Thapar 
wrote:

> I helped someone else using Win7 resolve. He too got it working by getting
> the certificate via browser than though commandline. One thing we noticed
> that fingerprint of the two [browser vs cli] was different. I too confirmed
> the same in my own setup.
>
>
>
> Would it be possible to share certificate fingerprint so all can confirm
> if they got it correct or not?
>
>
>
> Regards,
>
> Vishal.
>
>
>
> *From:* Colin Dixon [mailto:co...@colindixon.com]
> *Sent:* 30 March 2017 21:30
> *To:* Mohamed ElSerngawy 
> *Cc:* Vishal Thapar ; Ed Warnicke <
> hagb...@gmail.com>; OpenDaylight Discuss ;
> rele...@lists.opendaylight.org; OpenDaylight Infrastructure <
> infrastruct...@lists.opendaylight.org>; Daniel Malachovsky -X (dmalacho -
> PANTHEON TECHNOLOGIES at Cisco) 
>
> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>
>
>
> I haven't had more time to debug it since I found the issue. Hopefully
> I'll have some time today.
>
>
>
> --Colin
>
>
>
>
>
> On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy <
> melserng...@inocybe.ca> wrote:
>
> Hi Colin,
>
>
>
> I have the same issue and tried all the suggested fixes but didn't work.
> I'm using Mac and java 8, did u succeed to fix it ?
>
>
>
> Thanks
>
>
>
> On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho -
> PANTHEON TECHNOLOGIES at Cisco)  wrote:
>
> Hi,
>
>
>
> When I followed Anil’s how-to, I had problems too.
>
> Then I saved certificate manually via browser in Base-64 encoded X.509
> format and ran keytool command Anil sent. Everything worked.
> On Windows 7.
>
>
>
> dano
>
>
>
> *From:* release-boun...@lists.opendaylight.org [mailto:
> release-boun...@lists.opendaylight.org] *On Behalf Of *Vishal Thapar
> *Sent:* 24. marca 2017 5:13
> *To:* Colin Dixon; Ed Warnicke
> *Cc:* OpenDaylight Discuss; rele...@lists.opendaylight.org; OpenDaylight
> Infrastructure
>
>
> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>
>
>
> Colin,
>
>
>
> Did you confirm the fingerprint of the certificate to make sure it is
> added to keystore correctly?
>
>
>
> BTW, I have added 
> ‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’
> to my MAVEN_OPTS so I don’t need to give it manually everytime.
>
>
>
> Also, I’m using Windows, not Linux.
>
>
>
> Regards,
>
> Vishal.
>
>
>
> *From:* Colin Dixon [mailto:co...@colindixon.com ]
> *Sent:* 24 March 2017 02:05
> *To:* Ed Warnicke 
> *Cc:* Vishal Thapar ; OpenDaylight Discuss <
> discuss@lists.opendaylight.org>; rele...@lists.opendaylight.org;
> OpenDaylight Infrastructure 
> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>
>
>
> (Dropping TSC.)
>
>
>
> Actually, I'm still working my way through this. I cannot seem to get my
> Mac to trust the new ODL nexus cert. Even following Anil's suggestions
> above and then trying it with -Djavax.net.ssl.
> trustStore=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of
> errors like:
>
> [WARNING] Could not transfer metadata org.opendaylight.netconf:
> netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to
> opendaylight-snapshot (https://nexus.opendaylight.
> org/content/repositories/opendaylight.snapshot/): 
> sun.security.validator.ValidatorException:
> PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>
>
>
> I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK
> would fix it.
>
>
>
> --Colin
>
>
>
>
>
> On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke  wrote:
>
> Do we know what the root cause is of having to use that?
>
>
>
> Ed
>
>
>
> On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon  wrote:
>
> While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts
> option fixes the problem, it feels like the "wrong" answer. Is there a
> right answer?
>
>
>
> --Colin
>
>
>
>
>
> On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar 
> wrote:
>
> Thank you Ivan, this worked for me.
>
>
>
> *From:* Ivan Hraško [mailto:ivan.hra...@pantheon.tech]
> *Sent:* 20 March 2017 15:44
> *To:* Vishal Thapar ; Anil Belur <
> abe...@linuxfoundation.org>
> *Cc:* t...@lists.opendaylight.org; OpenDaylight Discuss <
> discuss@lists.opendaylight.org>; rele...@lists.opendaylight.org;
> OpenDaylight Infrastructure 
> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate

Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Ed Warnicke 
Initial impressions *matter*.  For example, my local Mac updater reports I
am on Java 8_121... and yet for reasons I have yet to get around to
debugging, my maven is using Java 8 77.  I'm someone who can figure that
out without a lot of difficulty.  I can tell you from tons of experience
onboarding new devs to ODL, expecting that in general is to high a bar.

I get that we have in the past sometimes hit insurmountable bugs in the JVM
that could only be fixed in the most recent JDK... some realities are
beyond are capacity to change... but the cert situation is an unforced
error where we are trading a trivial monetary savings for producing
potentially a lot of initial bad experienes for prospective developers...
most of whom will *not* complain, and will *not* come back, and will simply
tell their friends ODL is broken out of the box.

*Not* keeping a cert compatible with all versions of Java 1.8 until we've
moved on definitively from Java 1.8 (ie: ODL no longer supports Java 1.8 at
all, much as we've deprecated Java 1.7) is deeply penny wise and pound
foolish.

Ed

On Tue, Mar 28, 2017 at 8:37 AM, Thanh Ha 
wrote:

> On Mon, Mar 27, 2017 at 11:32 PM, Ed Warnicke  wrote:
>
>> Anil,
>>
>> Thats nice... but at the end of the day, here's the net-net... a large
>> subset of the world's first experience trying to do ODL development is
>> going to be that we are inexplicably broken in a cryptic way.  I strongly
>> recommend we get a cert that is supported by *any* Oracle JDK 1.8, and wait
>> for Oracle JDK 1.8 to be deprecated for use for ODL development (typically
>> something that happens after 1.8 itself has EOLed) *before* using a Let's
>> Encrypt Cert.
>>
>> Initial exposure matters tremendously, and a first experience of "It's
>> broken" is not what we want.
>>
>> Ed
>>
>
> FWIW I don't think using expired versions of Java is good practice either.
> Oracle releases regular critical security patches [1] for a reason.
> According to [0] JDK8 Update 77 was expired on April 19, 2016. Users of
> Oracle's JDK should have received warnings that a new version is available
> and to update.
>
> As someone who used Mac and Windows in the past, I can understand it's
> annoying to receive those update popups and the temptation is to ignore it
> but as developers working on next generation network technology I don't
> think it's unreasonable that we also follow good security practices and
> keep our tools up to date.
>
> Regards,
> Thanh
>
> [0] http://www.oracle.com/technetwork/java/javase/8u77-
> relnotes-2944725.html
> [1] https://www.oracle.com/technetwork/topics/security/alerts-086861.html
>
___
Discuss mailing list
Discuss@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/discuss

[OpenDaylight Discuss] TSC meeting minutes for 3/23

2017-03-30 Thread Colin Dixon 
The TSC met for an our on Thursday, March 23rd 2017 for the 3rd
APAC-friendly timed meeting. Full minutes can be found here:
https://meetings.opendaylight.org/opendaylight-meeting/2017/tsc/opendaylight-meeting-tsc.2017-03-24-03.30.html

Major topics included:
* Working on getting Boron-SR3 released
* Tracking Carbon as we enter the M5-RC-release stretch

Cheers,
--Colin
___
Discuss mailing list
Discuss@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/discuss

Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Vishal Thapar 
I helped someone else using Win7 resolve. He too got it working by getting the 
certificate via browser than though commandline. One thing we noticed that 
fingerprint of the two [browser vs cli] was different. I too confirmed the same 
in my own setup.

Would it be possible to share certificate fingerprint so all can confirm if 
they got it correct or not?

Regards,
Vishal.

From: Colin Dixon [mailto:co...@colindixon.com]
Sent: 30 March 2017 21:30
To: Mohamed ElSerngawy 
Cc: Vishal Thapar ; Ed Warnicke 
; OpenDaylight Discuss ; 
rele...@lists.opendaylight.org; OpenDaylight Infrastructure 
; Daniel Malachovsky -X (dmalacho - 
PANTHEON TECHNOLOGIES at Cisco) 
Subject: Re: [release] [OpenDaylight Discuss] Certificate changes

I haven't had more time to debug it since I found the issue. Hopefully I'll 
have some time today.

--Colin


On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy 
> wrote:
Hi Colin,

I have the same issue and tried all the suggested fixes but didn't work. I'm 
using Mac and java 8, did u succeed to fix it ?

Thanks

On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho - PANTHEON 
TECHNOLOGIES at Cisco) > wrote:
Hi,

When I followed Anil’s how-to, I had problems too.
Then I saved certificate manually via browser in Base-64 encoded X.509 format 
and ran keytool command Anil sent. Everything worked.
On Windows 7.

dano

From: 
release-boun...@lists.opendaylight.org
 
[mailto:release-boun...@lists.opendaylight.org]
 On Behalf Of Vishal Thapar
Sent: 24. marca 2017 5:13
To: Colin Dixon; Ed Warnicke
Cc: OpenDaylight Discuss; 
rele...@lists.opendaylight.org; 
OpenDaylight Infrastructure

Subject: Re: [release] [OpenDaylight Discuss] Certificate changes

Colin,

Did you confirm the fingerprint of the certificate to make sure it is added to 
keystore correctly?

BTW, I have added 
‘-Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts’ to my 
MAVEN_OPTS so I don’t need to give it manually everytime.

Also, I’m using Windows, not Linux.

Regards,
Vishal.

From: Colin Dixon [mailto:co...@colindixon.com]
Sent: 24 March 2017 02:05
To: Ed Warnicke >
Cc: Vishal Thapar 
>; OpenDaylight 
Discuss 
>; 
rele...@lists.opendaylight.org; 
OpenDaylight Infrastructure 
>
Subject: Re: [release] [OpenDaylight Discuss] Certificate changes

(Dropping TSC.)

Actually, I'm still working my way through this. I cannot seem to get my Mac to 
trust the new ODL nexus cert. Even following Anil's suggestions above and then 
trying it with -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts 
and I still get lots of errors like:
[WARNING] Could not transfer metadata 
org.opendaylight.netconf:netconf-client:1.2.0-SNAPSHOT/maven-metadata.xml 
from/to opendaylight-snapshot 
(https://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/): 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

I'll keep shaving the Yak for a bit. I suspect moving to Linux and OpenJDK 
would fix it.

--Colin


On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke 
> wrote:
Do we know what the root cause is of having to use that?

Ed

On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon 
> wrote:
While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts option 
fixes the problem, it feels like the "wrong" answer. Is there a right answer?

--Colin


On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar 
> wrote:
Thank you Ivan, this worked for me.

From: Ivan Hraško 
[mailto:ivan.hra...@pantheon.tech]
Sent: 20 March 2017 15:44
To: Vishal Thapar 
>; Anil Belur 
>
Cc: t...@lists.opendaylight.org; 
OpenDaylight Discuss 
>; 
rele...@lists.opendaylight.org; 
OpenDaylight Infrastructure

Re: [OpenDaylight Discuss] [release] Certificate changes

2017-03-30 Thread Colin Dixon 
I haven't had more time to debug it since I found the issue. Hopefully I'll
have some time today.

--Colin


On Fri, Mar 24, 2017 at 11:04 AM, Mohamed ElSerngawy  wrote:

> Hi Colin,
>
> I have the same issue and tried all the suggested fixes but didn't work.
> I'm using Mac and java 8, did u succeed to fix it ?
>
> Thanks
>
> On Fri, Mar 24, 2017 at 5:58 AM, Daniel Malachovsky -X (dmalacho -
> PANTHEON TECHNOLOGIES at Cisco)  wrote:
>
>> Hi,
>>
>>
>>
>> When I followed Anil’s how-to, I had problems too.
>>
>> Then I saved certificate manually via browser in Base-64 encoded X.509
>> format and ran keytool command Anil sent. Everything worked.
>> On Windows 7.
>>
>>
>>
>> dano
>>
>>
>>
>> *From:* release-boun...@lists.opendaylight.org [mailto:
>> release-boun...@lists.opendaylight.org] *On Behalf Of *Vishal Thapar
>> *Sent:* 24. marca 2017 5:13
>> *To:* Colin Dixon; Ed Warnicke
>> *Cc:* OpenDaylight Discuss; rele...@lists.opendaylight.org; OpenDaylight
>> Infrastructure
>>
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> Colin,
>>
>>
>>
>> Did you confirm the fingerprint of the certificate to make sure it is
>> added to keystore correctly?
>>
>>
>>
>> BTW, I have added ‘-Djavax.net.ssl.trustStore=$J
>> AVA_HOME/jre/lib/security/cacerts’ to my MAVEN_OPTS so I don’t need to
>> give it manually everytime.
>>
>>
>>
>> Also, I’m using Windows, not Linux.
>>
>>
>>
>> Regards,
>>
>> Vishal.
>>
>>
>>
>> *From:* Colin Dixon [mailto:co...@colindixon.com ]
>> *Sent:* 24 March 2017 02:05
>> *To:* Ed Warnicke 
>> *Cc:* Vishal Thapar ; OpenDaylight Discuss <
>> discuss@lists.opendaylight.org>; rele...@lists.opendaylight.org;
>> OpenDaylight Infrastructure 
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> (Dropping TSC.)
>>
>>
>>
>> Actually, I'm still working my way through this. I cannot seem to get my
>> Mac to trust the new ODL nexus cert. Even following Anil's suggestions
>> above and then trying it with -Djavax.net.ssl.trustStor
>> e=$JAVA_HOME/jre/lib/security/cacerts and I still get lots of errors
>> like:
>>
>> [WARNING] Could not transfer metadata org.opendaylight.netconf:netco
>> nf-client:1.2.0-SNAPSHOT/maven-metadata.xml from/to
>> opendaylight-snapshot (https://nexus.opendaylight.or
>> g/content/repositories/opendaylight.snapshot/):
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>>
>>
>>
>> I'll keep shaving the Yak for a bit. I suspect moving to Linux and
>> OpenJDK would fix it.
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Thu, Mar 23, 2017 at 4:26 PM, Ed Warnicke  wrote:
>>
>> Do we know what the root cause is of having to use that?
>>
>>
>>
>> Ed
>>
>>
>>
>> On Thu, Mar 23, 2017 at 1:24 PM, Colin Dixon 
>> wrote:
>>
>> While the -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts
>> option fixes the problem, it feels like the "wrong" answer. Is there a
>> right answer?
>>
>>
>>
>> --Colin
>>
>>
>>
>>
>>
>> On Mon, Mar 20, 2017 at 8:05 AM, Vishal Thapar <
>> vishal.tha...@ericsson.com> wrote:
>>
>> Thank you Ivan, this worked for me.
>>
>>
>>
>> *From:* Ivan Hraško [mailto:ivan.hra...@pantheon.tech]
>> *Sent:* 20 March 2017 15:44
>> *To:* Vishal Thapar ; Anil Belur <
>> abe...@linuxfoundation.org>
>> *Cc:* t...@lists.opendaylight.org; OpenDaylight Discuss <
>> discuss@lists.opendaylight.org>; rele...@lists.opendaylight.org;
>> OpenDaylight Infrastructure 
>> *Subject:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> Hi
>>
>>
>>
>> you can try:
>>
>>
>>
>> mvn clean install -Djavax.net.ssl.trustStore=$JAVA_HOME
>> /jre/lib/security/cacerts
>>
>>
>>
>> maybe it helps
>> --
>>
>> *Od:* Vishal Thapar 
>> *Odoslané:* 20. marca 2017 11:04
>> *Komu:* Anil Belur
>> *Kópia:* t...@lists.opendaylight.org; OpenDaylight Discuss;
>> rele...@lists.opendaylight.org; OpenDaylight Infrastructure
>> *Predmet:* Re: [release] [OpenDaylight Discuss] Certificate changes
>>
>>
>>
>> Hi Anil,
>>
>>
>>
>> I got the certificate downloaded and checked my cert store to confirm
>> also, but still getting the same error.
>>
>>
>>
>> Regards,
>>
>> Vishal.
>>
>>
>>
>> *From:* Anil Belur [mailto:abe...@linuxfoundation.org
>> ]
>> *Sent:* 20 March 2017 14:48
>> *To:* Vishal Thapar 
>> *Cc:* Andrew Grimberg ; OpenDaylight
>> Discuss ; OpenDaylight Infrastructure <
>> infrastruct...@lists.opendaylight.org>; rele...@lists.opendaylight.org;
>> t...@lists.opendaylight.org

[OpenDaylight Discuss] Updated Invitation: OpenDaylight - OPNFV community sync meeting @ Monthly from 10am to 11am on the third Thursday from Thu Mar 19, 2015 to Thu Mar 16 (EDT) (discuss@lists.openda

2017-03-30 Thread dneary 
BEGIN:VCALENDAR
PRODID:-//Google Inc//Google Calendar 70.9054//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:America/New_York
X-LIC-LOCATION:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:19700308T02
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:19701101T02
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20150319T10
DTEND;TZID=America/New_York:20150319T11
RRULE:FREQ=MONTHLY;UNTIL=20170316T14Z;INTERVAL=1;BYDAY=3TH
DTSTAMP:20170330T142801Z
ORGANIZER;CN=Dave Neary:mailto:dne...@redhat.com
UID:ded30137-1257-45b4-ab14-97b4dedb69db
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=controller-...@lists.opendaylight.org;X-NUM-GUESTS=0:mailto:control
 ler-...@lists.opendaylight.org
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=cfi...@enterasys.com;X-NUM-GUESTS=0:mailto:cficik@extremenetworks.c
 om
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=rova...@cisco.com;X-NUM-GUESTS=0:mailto:rova...@cisco.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=vgunt...@brocade.com;X-NUM-GUESTS=0:mailto:vgunt...@brocade.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=zhang.ju...@zte.com.cn;X-NUM-GUESTS=0:mailto:zhang.ju...@zte.com.cn
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=glenn.sei...@windriver.com;X-NUM-GUESTS=0:mailto:glenn.seiler@windr
 iver.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=christopher.pr...@ericsson.com;X-NUM-GUESTS=0:mailto:christopher.pr
 i...@ericsson.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=james.luhr...@hp.com;X-NUM-GUESTS=0:mailto:james.luhr...@hp.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=helen.c...@huawei.com;X-NUM-GUESTS=0:mailto:helen.c...@huawei.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=vijam...@in.ibm.com;X-NUM-GUESTS=0:mailto:vijam...@in.ibm.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=bs3...@att.com;X-NUM-GUESTS=0:mailto:bs3...@att.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=paparao.palacha...@us.fujitsu.com;X-NUM-GUESTS=0:mailto:paparao.pal
 acha...@us.fujitsu.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=john.b...@hp.com;X-NUM-GUESTS=0:mailto:john.b...@hp.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=wangjin...@chinamobile.com;X-NUM-GUESTS=0:mailto:wangjinzhu@chinamo
 bile.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=DECLINED;RSVP=TRUE
 ;CN=fzdar...@redhat.com;X-NUM-GUESTS=0:mailto:fzdar...@redhat.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=gershon.schatzb...@intel.com;X-NUM-GUESTS=0:mailto:gershon.schatzbe
 r...@intel.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=paul-andre.raym...@nexius.com;X-NUM-GUESTS=0:mailto:paul-andre.raym
 o...@nexius.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=gmain...@contextream.com;X-NUM-GUESTS=0:mailto:gmainzer@contextream
 .com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=peter.po...@ericsson.com;X-NUM-GUESTS=0:mailto:peter.pozar@ericsson
 .com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=ACCEPTED;RSVP=TRUE
 ;CN=dne...@redhat.com;X-NUM-GUESTS=0:mailto:dne...@redhat.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=psar...@us.ibm.com;X-NUM-GUESTS=0:mailto:psar...@us.ibm.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=sl...@vmware.com;X-NUM-GUESTS=0:mailto:sl...@vmware.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=carol.sand...@brocade.com;X-NUM-GUESTS=0:mailto:carol.sanders@broca
 de.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=ville.peso...@ericsson.com;X-NUM-GUESTS=0:mailto:ville.pesonen@eric
 sson.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=raymond.nug...@huawei.com;X-NUM-GUESTS=0:mailto:raymond.nugent@huaw
 ei.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=s...@ubiqube.com;X-NUM-GUESTS=0:mailto:s...@ubiqube.com
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=
 TRUE;CN=yunchao...@huawei.com;X-NUM-GUESTS=0:mailto:yunchao...@huawei.com