[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[ https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114440#comment-17114440 ] Eric Bresie edited comment on NETBEANS-3810 at 5/22/20, 10:52 PM: -- Not sure if this is related, but was reading a recent thread about root ca certificate issues on openjdk mailing list (1) which seems to follow with some aspect of missing. This made me wonder if maybe there is something related to the version of jdk in use where some trusted certs may no longer be available in the JDK in use. Another question, I’ve also read recently that maven central is no longer supporting insecure (i.e. http) connections in favor of https and related secure. I’m wonder if this has the side effect that ssl/https requiring ca root/trusted/keystone is more prevalent now causing more dependency on secure communications. Maybe at install or first startup can do some preparation steps including checking on network proxy and related security session for initial setup, then if subsequent network calls if network is not good due to security purposes then maybe can cause a dialog to allow adding the certs as applicable to a share or app specific cert key store (1)https://mail.openjdk.java.net/pipermail/jdk-dev/2020-May/004305.html (2) [https://support.sonatype.com/hc/en-us/articles/360041287334-Central-501-HTTPS-Required] was (Author: ebresie): Not sure if this is related, but was reading a recent thread about root ca certificate issues on openjdk mailing list (1) which seems to follow with some aspect of missing. This made me wonder if maybe there is something related to the version of jdk in use where some trusted certs may no longer be available in the JDK in use. Another question, I’ve also read recently that maven central is no longer supporting insecure (i.e. http) connections in favor of https and related secure. I’m wonder if this has the side effect that ssl/https requiring ca root/trusted/keystone is more prevalent now causing more dependency on secure communications. Maybe at install or first startup can do some preparation steps including checking on network proxy and related security session for initial setup, then if subsequent network calls if network is not good due to security purposes then maybe can cause a dialog to allow adding the certs as applicable to a share or app specific cert key store (1)[https://mail.openjdk.java.net/pipermail/jdk-dev/2020-May/004305.html (2) |https://mail.openjdk.java.net/pipermail/jdk-dev/2020-May/004305.html]https://support.sonatype.com/hc/en-us/articles/360041287334-Central-501-HTTPS-Required > Netbeans 11.3 does not report clearly certificate problems downloading javafx > and nb-javac > -- > > Key: NETBEANS-3810 > URL: https://issues.apache.org/jira/browse/NETBEANS-3810 > Project: NetBeans > Issue Type: Bug > Components: platform - Autoupdate >Affects Versions: 11.3 > Environment: Windows 2016 server, Intel Xeon, 48G RAM. > Network includes a proxy server with deep packet inspection and certificate > rewriting. >Reporter: Michele Costabile >Assignee: Michele Costabile >Priority: Minor > Labels: documentation, newbie > Fix For: 11.3 > > Attachments: Netbeans-11.3_bug.PNG, Netbeans-11.3_plugin-problem.PNG, > Netbeans-11.3_plugin.PNG > > > NetBeans cannot get past installation of JavaFX and nb-javac on my > installation behind a company firewall. This problem was also in 11.2, but it > did not stop the IDE from working. It just kept on quietly asking for > nb-javac installation. > 11.3, on the other hand does not seem to get past this problem. It keeps on > asking for installation of javafx and nb-javac and "Loading projects" never > comes to an end. > I tested my proxy setting in options and I have a green light with system > settings and also with manual settings. > In any case I have never been able to install nb-javac and could not find > instructions on how to install manually the plugin. > Note that my proxy has deep packet inspection and can create problems with > certificate verification on SSL. > > EDIT: the request for installation is not an infinite loop. It appears to be > once for every open project. Hitting cancel more times, the progress bar in > the status bar eventually gets to 100%, but all the projects are reported > broken. > > EDIT: as you can see from the comments below, it was really a problem with > certificates. When you are behind a proxy with deep inspection, certificates > are manipulated in such a way that you have to trust your company root > certificate to avoid failure in trust chains. > This becomes a NetBeans installation
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[ https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17107053#comment-17107053 ] Jean-Marc Borer edited comment on NETBEANS-3810 at 5/14/20, 8:05 AM: - This is a very nice plugin. It think it shall be part of the Netbeans distribution (same as IntelliJ). So much less pain for newcomers to use the IDE. was (Author: jmborer): This is a very nice plugin. It think it shall be part of the Netbeans distribution (same as IntelliJ). > Netbeans 11.3 does not report clearly certificate problems downloading javafx > and nb-javac > -- > > Key: NETBEANS-3810 > URL: https://issues.apache.org/jira/browse/NETBEANS-3810 > Project: NetBeans > Issue Type: Bug > Components: platform - Autoupdate >Affects Versions: 11.3 > Environment: Windows 2016 server, Intel Xeon, 48G RAM. > Network includes a proxy server with deep packet inspection and certificate > rewriting. >Reporter: Michele Costabile >Assignee: Michele Costabile >Priority: Minor > Labels: documentation, newbie > Fix For: 11.3 > > Attachments: Netbeans-11.3_bug.PNG, Netbeans-11.3_plugin-problem.PNG, > Netbeans-11.3_plugin.PNG > > > NetBeans cannot get past installation of JavaFX and nb-javac on my > installation behind a company firewall. This problem was also in 11.2, but it > did not stop the IDE from working. It just kept on quietly asking for > nb-javac installation. > 11.3, on the other hand does not seem to get past this problem. It keeps on > asking for installation of javafx and nb-javac and "Loading projects" never > comes to an end. > I tested my proxy setting in options and I have a green light with system > settings and also with manual settings. > In any case I have never been able to install nb-javac and could not find > instructions on how to install manually the plugin. > Note that my proxy has deep packet inspection and can create problems with > certificate verification on SSL. > > EDIT: the request for installation is not an infinite loop. It appears to be > once for every open project. Hitting cancel more times, the progress bar in > the status bar eventually gets to 100%, but all the projects are reported > broken. > > EDIT: as you can see from the comments below, it was really a problem with > certificates. When you are behind a proxy with deep inspection, certificates > are manipulated in such a way that you have to trust your company root > certificate to avoid failure in trust chains. > This becomes a NetBeans installation problem because: > * Differently from other IDEs, NetBeans delegates everything to JDK, so it > requires that the trust problem is solved in the JDK, not in the IDE > preferences. The user should be able to find instructionsto resolve the > problem > * In 11.2 the IDE did not enter a loop waiting for nb'javac installation to > validate projects. It just gave up, causing less problems > * "Test connection" in proxy settings did not report certificate problems. A > full https connection should be tested > * The dialog box of nb-javac installation does not report certificate > problems, it rather dies without warning and the installation is stuck with a > progress bar at 100% and no notification other than "cannot resolve external > references ..." This hides the problem > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[ https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039236#comment-17039236 ] Jean-Marc Borer edited comment on NETBEANS-3810 at 2/18/20 4:55 PM: These self signed CA certificates bring a lot of problems with any application that try to do HTTPS connections (not only Java based ones). Unfortunately companies use this approach mainly for cost reasons. Would they have used a certificate from a trusted authority, then it wouldn't be a problem. sigh. was (Author: jmborer): These self signed CA certificates bring a lot of problems with any application that tries to do HTTPS connections (not only Java based ones). Unfortunately companies use this approach mainly for cost reasons. Would they have used a certificate from a trusted authority, then it wouldn't be a problem. sigh. > Netbeans 11.3 does not report clearly certificate problems downloading javafx > and nb-javac > -- > > Key: NETBEANS-3810 > URL: https://issues.apache.org/jira/browse/NETBEANS-3810 > Project: NetBeans > Issue Type: Bug > Components: platform - Autoupdate >Affects Versions: 11.3 > Environment: Windows 2016 server, Intel Xeon, 48G RAM. > Network includes a proxy server with deep packet inspection and certificate > rewriting. >Reporter: Michele Costabile >Assignee: Michele Costabile >Priority: Minor > Labels: documentation, newbie > Fix For: 11.3 > > Attachments: Netbeans-11.3_bug.PNG, Netbeans-11.3_plugin-problem.PNG, > Netbeans-11.3_plugin.PNG > > > NetBeans cannot get past installation of JavaFX and nb-javac on my > installation behind a company firewall. This problem was also in 11.2, but it > did not stop the IDE from working. It just kept on quietly asking for > nb-javac installation. > 11.3, on the other hand does not seem to get past this problem. It keeps on > asking for installation of javafx and nb-javac and "Loading projects" never > comes to an end. > I tested my proxy setting in options and I have a green light with system > settings and also with manual settings. > In any case I have never been able to install nb-javac and could not find > instructions on how to install manually the plugin. > Note that my proxy has deep packet inspection and can create problems with > certificate verification on SSL. > > EDIT: the request for installation is not an infinite loop. It appears to be > once for every open project. Hitting cancel more times, the progress bar in > the status bar eventually gets to 100%, but all the projects are reported > broken. > > EDIT: as you can see from the comments below, it was really a problem with > certificates. When you are behind a proxy with deep inspection, certificates > are manipulated in such a way that you have to trust your company root > certificate to avoid failure in trust chains. > This becomes a NetBeans installation problem because: > * Differently from other IDEs, NetBeans delegates everything to JDK, so it > requires that the trust problem is solved in the JDK, not in the IDE > preferences. The user should be able to find instructionsto resolve the > problem > * In 11.2 the IDE did not enter a loop waiting for nb'javac installation to > validate projects. It just gave up, causing less problems > * "Test connection" in proxy settings did not report certificate problems. A > full https connection should be tested > * The dialog box of nb-javac installation does not report certificate > problems, it rather dies without warning and the installation is stuck with a > progress bar at 100% and no notification other than "cannot resolve external > references ..." This hides the problem > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[ https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039186#comment-17039186 ] Jean-Marc Borer edited comment on NETBEANS-3810 at 2/18/20 3:57 PM: I have exactly the very same issue. Moreover, my company uses its own self-signed certificate and not one from a known provider. I think Michele is in the exact same situation. Therefore we must both install the root CA among the trusted CAs was (Author: jmborer): I have exactly the very same issue. Moreover, my company uses its own self-signed certificate and not one from a know provider. I think Michele is in the exact same situation. Therefore we must both install the root CA among the trusted CAs > Netbeans 11.3 does not report clearly certificate problems downloading javafx > and nb-javac > -- > > Key: NETBEANS-3810 > URL: https://issues.apache.org/jira/browse/NETBEANS-3810 > Project: NetBeans > Issue Type: Bug > Components: platform - Autoupdate >Affects Versions: 11.3 > Environment: Windows 2016 server, Intel Xeon, 48G RAM. > Network includes a proxy server with deep packet inspection and certificate > rewriting. >Reporter: Michele Costabile >Assignee: Michele Costabile >Priority: Minor > Labels: documentation, newbie > Fix For: 11.3 > > Attachments: Netbeans-11.3_bug.PNG, Netbeans-11.3_plugin-problem.PNG, > Netbeans-11.3_plugin.PNG > > > NetBeans cannot get past installation of JavaFX and nb-javac on my > installation behind a company firewall. This problem was also in 11.2, but it > did not stop the IDE from working. It just kept on quietly asking for > nb-javac installation. > 11.3, on the other hand does not seem to get past this problem. It keeps on > asking for installation of javafx and nb-javac and "Loading projects" never > comes to an end. > I tested my proxy setting in options and I have a green light with system > settings and also with manual settings. > In any case I have never been able to install nb-javac and could not find > instructions on how to install manually the plugin. > Note that my proxy has deep packet inspection and can create problems with > certificate verification on SSL. > > EDIT: the request for installation is not an infinite loop. It appears to be > once for every open project. Hitting cancel more times, the progress bar in > the status bar eventually gets to 100%, but all the projects are reported > broken. > > EDIT: as you can see from the comments below, it was really a problem with > certificates. When you are behind a proxy with deep inspection, certificates > are manipulated in such a way that you have to trust your company root > certificate to avoid failure in trust chains. > This becomes a NetBeans installation problem because: > * Differently from other IDEs, NetBeans delegates everything to JDK, so it > requires that the trust problem is solved in the JDK, not in the IDE > preferences. The user should be able to find instructionsto resolve the > problem > * In 11.2 the IDE did not enter a loop waiting for nb'javac installation to > validate projects. It just gave up, causing less problems > * "Test connection" in proxy settings did not report certificate problems. A > full https connection should be tested > * The dialog box of nb-javac installation does not report certificate > problems, it rather dies without warning and the installation is stuck with a > progress bar at 100% and no notification other than "cannot resolve external > references ..." This hides the problem > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[
https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039181#comment-17039181
]
Michele Costabile edited comment on NETBEANS-3810 at 2/18/20 3:55 PM:
--
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which is specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
open, inspected and repackaged with a different certificate. From your
workstation, pages downloaded on an https connection will apppear to be signed
by a company root certificate, rather than the original. Therefore, the trust
chain will be broken and secure connections which verify certificate trust
will break, unless you instruct the JDK to trust the signing certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then download the root certificate in .cer
format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
Edit: multiple corrections for clarity
was (Author: mico):
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which is specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
open, inspected and repackaged with a different certificate. From your
workstation, pages downloaded on an https connection will apppear to be signed
by a company root certificate, rather than the original. Therefore, the trust
chain will be broken and secure connections which verify certificate trust
will break, unless you instruct the JDK to trust the signing certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then inspect your trust chain and download
the root certificate in .cer format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
> Netbeans 11.3 does not report clearly certificate problems downloading javafx
> and nb-javac
> --
>
> Key: NETBEANS-3810
> URL: https://issues.apache.org/jira/browse/NETBEANS-3810
> Project: NetBeans
> Issue Type: Bug
> Components: platform - Autoupdate
>Affects Versions: 11.3
> Environment: Windows 2016 server, Intel Xeon, 48G RAM.
> Network includes a proxy server with deep packet inspection and certificate
> rewriting.
>Reporter: Michele Costabile
>Assignee: Michele Costabile
>Priority: Minor
>
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[
https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039181#comment-17039181
]
Michele Costabile edited comment on NETBEANS-3810 at 2/18/20 3:53 PM:
--
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which is specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
open, inspected and repackaged with a different certificate. From your
workstation, pages downloaded on an https connection will apppear to be signed
by a company root certificate, rather than the original. Therefore, the trust
chain will be broken and secure connections which verify certificate trust
will break, unless you instruct the JDK to trust the signing certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then inspect your trust chain and download
the root certificate in .cer format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
was (Author: mico):
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which is specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
repackaged with different certificates and from your workstation, pages seen on
an https connection will apppear to be signed by a company root certificate,
rather than the original. Therefore, the trust chain will be broken unless you
set your company certification authority certificate in the trusted roots. This
causes secure connections that verify certificate trust to break, unless you
instruct the JDK to trust the new certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then inspect your trust chain and download
the root certificate in .cer format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
> Netbeans 11.3 does not report clearly certificate problems downloading javafx
> and nb-javac
> --
>
> Key: NETBEANS-3810
> URL: https://issues.apache.org/jira/browse/NETBEANS-3810
> Project: NetBeans
> Issue Type: Bug
> Components: platform - Autoupdate
>Affects Versions: 11.3
> Environment: Windows 2016 server, Intel Xeon, 48G RAM.
> Network includes a proxy server with deep packet inspection and certificate
> rewriting.
>Reporter: Michele Costabile
>
[jira] [Comment Edited] (NETBEANS-3810) Netbeans 11.3 does not report clearly certificate problems downloading javafx and nb-javac
[
https://issues.apache.org/jira/browse/NETBEANS-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039181#comment-17039181
]
Michele Costabile edited comment on NETBEANS-3810 at 2/18/20 3:50 PM:
--
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which is specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
repackaged with different certificates and from your workstation, pages seen on
an https connection will apppear to be signed by a company root certificate,
rather than the original. Therefore, the trust chain will be broken unless you
set your company certification authority certificate in the trusted roots. This
causes secure connections that verify certificate trust to break, unless you
instruct the JDK to trust the new certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then inspect your trust chain and download
the root certificate in .cer format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
was (Author: mico):
Geertjan, I propose the following text
IF the certificate error is reported properly
Invalid certificate error downloading plugin, You should import your
corporate root CA in the trust store of your JDK installation.
ELSE
Unable to download plugin. You might have to import your corporate root CA
in the trust store of your JDK installation.
Perhaps the current JDK location could also be reported.
The long explanation might be this
{quote}NetBeans has settings for a proxy server, but no provision for
customizing TLS trust chains, therefore the effective settings are those which
are set in the JDK used by NetBeans, which specified in your settings.
If you are behind a company proxy with deep inspection, certificates will be
forged to allow inspection by the proxy of secure traffic. Packets will be
repackaged with different certificates and from your workstation, pages seen on
an https connection will apppear to be signed by a company root certificate,
rather than the original. Therefore, the trust chain will be broken unless you
set your company certification authority certificate in the trusted roots. This
causes secure connections that verify certificate trust to break, unless you
instruct the JDK to trust the new certificate.
To do this, you should open any page with an https prefix with your favorite
browser, inspect the trust chain that appears close to the URL box, clicking on
a lock icon, or similar indication, then inspect your trust chain and download
the root certificate in .cer format.
Once you have the certificate, you should import it with
keytool -import -trustcacerts -alias companyRootCA -file -keystore
As of OpenJDK 11, the trusted store, on Windows, is in
"%JAVA_HOME%\lib\security\cacerts" on unix, in
${JAVA_HOME}/lib/security/cacerts". The default password is "changeit"
{quote}
The number one issue, however, should be to detect and report that the
connection breaks because of a trust problem, not any other random network
problem.
Hope this helps.
> Netbeans 11.3 does not report clearly certificate problems downloading javafx
> and nb-javac
> --
>
> Key: NETBEANS-3810
> URL: https://issues.apache.org/jira/browse/NETBEANS-3810
> Project: NetBeans
> Issue Type: Bug
> Components: platform - Autoupdate
>Affects Versions: 11.3
> Environment: Windows 2016 server, Intel Xeon, 48G RAM.
> Network includes a proxy server with deep packet inspection and certificate
> rewriting.
>
