I want to use the https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem which is stored in my application jar i.e. using classpath. So I tried using the below jdbc url
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=classpath:global-bundle.pem
However, I am getting an exception
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Instead of classpath: I tried file: as well but same exception.
Without using SingleCertValidatingFactory, the .pem file works with file system path like below
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslrootcert=/app/certs/global-bundle.pem
Does SingleCertValidatingFactory not work with .pem files? What do I need to do to make it work. Any help is appreciated.
SingleCertValidatingFactory does seem to work with us-east-1-bundle.pem. It seems to be having issue with global-bundle-pem which has all regional certificates combined. Another solution is to follow this doc to import each certificate into the JDK cacerts
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-sample-script
And then use
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
Related
I am currently including a submodule to my project (a scala project, using Maven for dependency management):
[submodule "src/main/resources/secrets"]
path = src/main/resources/secrets
url = <my repository url>.git
Having this submodule, my resources path (src/main/resources) looks like:
src/main/resources/secrets/anotherdirectory/secret.conf
If I try in my local to read the file using com.typesafe.config.ConfigFactory, it works well:
ConfigFactory.load("secret").getConfig("config")
However, when I run the application (using the .jar), I am unable to do the same, having the following error (and the file is the same):
com.typesafe.config.ConfigException$Missing: no configuration setting found for key
I've also tried to read as a file, which also works in my local, but gives me a null when .jar:
getClass.getClassLoader.getResource("secrets/cloud/anotherdirectory/secret.conf").getFile
Anyone had any similar issue?
Thank you.
I have updated java to JDK 19 and when I try opening Eclipse Marketspace i am getting below error,
MarketplaceDiscoveryStrategy failed with an error
Cannot complete request to https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&client.version=1.6.4.v20180214-1810&os=win32&ws=win32&nl=en_US&java.version=1.8.0_211&product=org.eclipse.epp.package.java.product&product.version=4.7.3.M20180330-0640&runtime.version=3.13.0.v20170207-1030&platform.version=4.7.3.v20180330-0640: Unable to read repository at https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&client.version=1.6.4.v20180214-1810&os=win32&ws=win32&nl=en_US&java.version=1.8.0_211&product=org.eclipse.epp.package.java.product&product.version=4.7.3.M20180330-0640&runtime.version=3.13.0.v20170207-1030&platform.version=4.7.3.v20180330-0640.
I wanted to Install testNg so I tried adding the certificate as follows and made it trust, Still facing the same issue.
keytool -import -alias TestNg -keystore "C:\Program Files\Java\jdk-19\lib\security\cacerts" -file TestNg.cer
I get below error,
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml.
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Am I missing anything, I don't see a JRE for JDK is that I am missing?
After exploring few I found a solution for this,
The reason behind the error was:
Our cooperate firewall (ZScalar) prevent these additional steps, and install attempts will fail with the below messages:
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml. Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Java did not recognize the root certificate authority (CA).
How to fix this?
There are two ways to fix this:
Admin team has to reconfigure the firewall to allow Java access to the certificate sites.(They did not agreed with this, so proceeded with below way).
To verify the root certificates, determine where the cacerts file is located.
Cacerts file is available in eclipse jre folder. For example
C:\Eclipse 2022 09\eclipse-java-2022-09-R-win32-x86_64\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.4.v20220903-1038\jre\lib\security\cacerts
Now the certificate for the software’s needs to be added to this cacerts file. Eclipse marketplace itself was not opening for me. So on browser I pinged the below link,
https://marketplace.eclipse.org/
Click on the HTTPS certificate chain and navigate the certificate hierarchy. At the top there should be a Primary Root CA. This could be missing from my java cacerts file. Export the certificate and saved in my computer. Now imported to cacerts file.
Open cmd where the certificate is expoted. Execute below command.
keytool -import -alias MarketPlace -keystore "C:\Eclipse 2022 09\eclipse-java-2022-09-R-win32-x86_64\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.4.v20220903-1038\jre\lib\security\cacerts" -file ZscalerRootCAMP.der
Here ZscalerRootCAMP.der is the certificate exported for Eclipse market place.
Restart eclipse, open Eclipse marketplace and now I am able to install software's.
I copied the folder of HIVEMQ-KAFKA extension to the HIVEMQ extension folder but it is giving me this error:
WARN - Extension hivemq-kafka-extension cannot be loaded. The extension signature could not be read. The signature of an enterprise extension is required by HiveMQ. Reason: zip END header not found
zip END header not found
This usually means that the file is corrupted. Try re-downloading it, and check it against the checksums if provided.
Your ZIP / jar seems to be corrupt.
The other other question: Yes, the Kafka Extension is an Enterprise extension. For those you need additional a license to run it in production. But in development environment you can try out, cause you have an evaluation time of 5 hours. After this time, the extension will be disabled and to re/enable you must remove the DISABLED flag in the kafka-extension folder. More information you can find on the HiveMQ Developer and Configuration Pages.
I want to intstall the ext "my_redirects". On my local machine it does what it should. But now, on the live site, i got this error:
1: PHP Warning: file_get_contents(/kunden/homepages/28/d574274134/htdocs/update7/typo3/sysext/core/Resources/Private/Sql/Cache/Backend/Typo3DatabaseBackendCache.sql): failed to open stream: No such file or directory in /homepages/28/d574274134/htdocs/update7/typo3_src-7.6.14/typo3/sysext/core/Classes/Cache/Backend/Typo3DatabaseBackend.php line 441
I got a hint to delete the typo3temp/autoload/ files. Then the installation works, but if i after that go into the install tool, i get this error again. Can someone give a hint?
This file is part of the core and must exist. Look into the src-tar/zip file. Maybe the file wasn't transferred to the server.
I don't think it's an autoload issue, because the .sql file is missing, not the PHP class.
Please verify that the sql file does exist. If it's missing, check the hash of your downloaded TYPO3 core. Make sure you compare the correct path on the server.
But I guess you got an access restriction. Maybe bad ownhership of that .sql file? Perhaps you ran into some security problems with file_get_contents() and at least sql files? So please also check your security settings.
I am Trying to deploy Jboss esb over Jboss AS using Ant. but i am getting the following error and it is giving me a build fail. I certainly have changed the .Properties file with the correct Server home and server config paths.
Below is the error i am getting
Also I have Jboss 5.1.0 AS and Jbossesb 4.1.0
I am not sure what changes do i need to make with my build.xml file.
C:\jbossesb-4.10\install>ant deploy
Buildfile: C:\jbossesb-4.10\install\build.xml
check.deploy.props:
dependencies.source:
dependencies.jbossesb:
dependencies:
init.bindings.props:
undeploy.bindings:
undeploy.jbossas5:
undeploy.jbossas6:
undeploy:
BUILD FAILED
C:\jbossesb-4.10\install\build.xml:480: Directory does not exist: C:\jbossesb-4.10\install\jboss-5.1.0.GA\server\all\lib
You've probably set bad server path in property file. Did you unpack server to "C:\jbossesb-4.10\install\jboss-5.1.0.GA\" directory?
You need to set the path to jboss-as directory. Correct may be something like this.
C:\jbossesb-4.10\install\jboss-5.1.0.GA\jboss-as\
In order to deploy jboss-esb on to jboss-as you need to have deployment.properties file in
your install folder of jboss-esb (for ex: \jbossesb-4.6\jbossesb-4.6\install)
in that deployment properties file you need to set your jboss-as home
ex: org.jboss.esb.server.home=D:/J Boss Book Installs/jboss-5.1.0.GA-jdk6/jboss-5.1.0.GA
NOTE: the direction of slash is very important it should be forward slash(/) (as specified in example above) for it get indexed in to the given server.home location .
Otherwise you will get directory doesn't exist errors just like the one you specified above in your question .
Check your deployment.properties file and correct server.home it would probably resolve your error !!!