I have updated java to JDK 19 and when I try opening Eclipse Marketspace i am getting below error,
MarketplaceDiscoveryStrategy failed with an error
Cannot complete request to https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&client.version=1.6.4.v20180214-1810&os=win32&ws=win32&nl=en_US&java.version=1.8.0_211&product=org.eclipse.epp.package.java.product&product.version=4.7.3.M20180330-0640&runtime.version=3.13.0.v20170207-1030&platform.version=4.7.3.v20180330-0640: Unable to read repository at https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&client.version=1.6.4.v20180214-1810&os=win32&ws=win32&nl=en_US&java.version=1.8.0_211&product=org.eclipse.epp.package.java.product&product.version=4.7.3.M20180330-0640&runtime.version=3.13.0.v20170207-1030&platform.version=4.7.3.v20180330-0640.
I wanted to Install testNg so I tried adding the certificate as follows and made it trust, Still facing the same issue.
keytool -import -alias TestNg -keystore "C:\Program Files\Java\jdk-19\lib\security\cacerts" -file TestNg.cer
I get below error,
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml.
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Am I missing anything, I don't see a JRE for JDK is that I am missing?
After exploring few I found a solution for this,
The reason behind the error was:
Our cooperate firewall (ZScalar) prevent these additional steps, and install attempts will fail with the below messages:
Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml. Unable to read repository at https://dl.bintray.com/testng-team/testng-eclipse-release/content.xml. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Java did not recognize the root certificate authority (CA).
How to fix this?
There are two ways to fix this:
Admin team has to reconfigure the firewall to allow Java access to the certificate sites.(They did not agreed with this, so proceeded with below way).
To verify the root certificates, determine where the cacerts file is located.
Cacerts file is available in eclipse jre folder. For example
C:\Eclipse 2022 09\eclipse-java-2022-09-R-win32-x86_64\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.4.v20220903-1038\jre\lib\security\cacerts
Now the certificate for the software’s needs to be added to this cacerts file. Eclipse marketplace itself was not opening for me. So on browser I pinged the below link,
https://marketplace.eclipse.org/
Click on the HTTPS certificate chain and navigate the certificate hierarchy. At the top there should be a Primary Root CA. This could be missing from my java cacerts file. Export the certificate and saved in my computer. Now imported to cacerts file.
Open cmd where the certificate is expoted. Execute below command.
keytool -import -alias MarketPlace -keystore "C:\Eclipse 2022 09\eclipse-java-2022-09-R-win32-x86_64\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.4.v20220903-1038\jre\lib\security\cacerts" -file ZscalerRootCAMP.der
Here ZscalerRootCAMP.der is the certificate exported for Eclipse market place.
Restart eclipse, open Eclipse marketplace and now I am able to install software's.
Related
I want to use the https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem which is stored in my application jar i.e. using classpath. So I tried using the below jdbc url
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=classpath:global-bundle.pem
However, I am getting an exception
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Instead of classpath: I tried file: as well but same exception.
Without using SingleCertValidatingFactory, the .pem file works with file system path like below
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslrootcert=/app/certs/global-bundle.pem
Does SingleCertValidatingFactory not work with .pem files? What do I need to do to make it work. Any help is appreciated.
SingleCertValidatingFactory does seem to work with us-east-1-bundle.pem. It seems to be having issue with global-bundle-pem which has all regional certificates combined. Another solution is to follow this doc to import each certificate into the JDK cacerts
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-sample-script
And then use
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
I just wanted to start VS Code on Windows Subsystem Linux but VS Code updates automatically. The issue is a certificate which VS Code wants to access but it is blocked by kaspersky. Kaspersky is installed on Windows 10. I have the Total Securiy Version. Does somebody have a hint? What should I change?
micha#LAPTOP-TD50FJUH:/mnt/c/WINDOWS/system32$ code .
Updating VS Code Server to version 8490d3dde47c57ba65ec40dd192d014fd2113496
Removing previous installation... Installing VS Code Server for x64
(8490d3dde47c57ba65ec40dd192d014fd2113496) Downloading: 100% Failed
--2021-02-05 18:15:16-- https://update.code.visualstudio.com/commit:8490d3dde47c57ba65ec40dd192d014fd2113496/server-linux-x64/stable
Resolving update.code.visualstudio.com
(update.code.visualstudio.com)... 51.144.164.215 Connecting to
update.code.visualstudio.com
(update.code.visualstudio.com)|51.144.164.215|:443... connected.
ERROR: cannot verify update.code.visualstudio.com's certificate,
issued by ‘CN=Kaspersky Anti-Virus Personal Root Certificate,O=AO
Kaspersky Lab’: Self-signed certificate encountered. To connect to
update.code.visualstudio.com insecurely, use `--no-check-certificate'.
ERROR: Failed to download
https://update.code.visualstudio.com/commit:8490d3dde47c57ba65ec40dd192d014fd2113496/server-linux-x64/stable
to
/home/micha/.vscode-server/bin/8490d3dde47c57ba65ec40dd192d014fd2113496-1612545315.tar.gz Please install missing certificates. Debian/Ubuntu: sudo apt-get
install ca-certificates
I have already installed ca-certificates without any Problem.
I solved this error:
(Add Last Line to /etc/wgetrc) - check_certificate = off
Results:
everton#LPEw:/$ code
Updating VS Code Server to version 3c4e3df9e89829dce27b7b5c24508306b151f30d
Removing previous installation...
Installing VS Code Server for x64 (3c4e3df9e89829dce27b7b5c24508306b151f30d)
Downloading: 100%
Unpacking: 100%
Unpacked 1719 files and folders to /home/everton/.vscode-server/bin/3c4e3df9e89829dce27b7b5c24508306b151f30d.
everton#LPEw:/$
1. go to WSL
then type:
sudo vi /etc/wgetrc
uncomment this line
#https_proxy = http://proxy.yoyodyne.com:18023/
type:
https_proxy = https://update.code.visualstudio.com/commit:8490d3dde47c57ba65ec40dd192d014fd2113496/server-linux-x64/stable:443/
uncomment
use_proxy = on
type:
check-certificate=off
solved this by adding the update.code.visualstudio.com domain to the trusted list in kaspersky:
open kaspersky
click on the setting button (the gear at the bottom left)
go to the network setting menu item
add the domain to the trusted adresses
After hours of research I came with a more secure and efficient solution:
Open Control Panel, then Internet Options, go to the Content tab and click Certificates.
Go to the Trusted Root Certificate Authorities tab, select the Kaspersky root certificate and click Export.
Follow the instructions. Use the default settings during the certificate export. Enter the name kaspersky.cer for the file.
Move the exported .cer file to a Linux folder, open the folder and run this command:
openssl x509 -inform DER -in kaspersky.cer -out kaspersky.crt
Copy the created .crt file to /usr/local/share/ca-certificates/
Run sudo update-ca-certificates
Sources: this solution is a devolopment from Labradorcode's comment above and was based on a Kaspersky tutorial and this answer.
I created a CSR file via Keystore Explorer5.1.1 and sent the CSR to authority organization. The organization returned me certificated CRT file and I got the CRT to Examine by Keystore Explorer, which reported an error:
Version 5.1.1 is more than two years old and it had some problems with PEM encoded certificate files. A newer version of KeyStore Explorer could probably open this file.
But this is not the right way to import the certificate from the CA anyway. Instead follow these steps:
Open the keystore with the key pair.
Right click on the key and select "Import CA Reply"
Select the certificate file.
Amazon App Store (appstore) - Marketplace requires you to upload unsigned apk files. They then reconfigure and add their own coding. They then ask you to download that reconfigured file, sign it, then re-upload it to their site.
I'm having a heck of a time trying to import that reconfigured file into Eclipse for signing. Do I use the IMPORT option? If so, what specific steps? Or do I use the Terminal to sign?
I tried importing the new file the same way I imported my original project (using Wizard: Android>Android Project...) but that won't work for the new file.
Any suggestions or workarounds would be appreciated.
PS I found a great site that helps with eclipse and installing apks. But it didn't answer this question.
http://www.satyakomatineni.com/akc/display?url=displaynoteimpurl&ownerUserId=satya&reportId=3279
The ADT plugins for Eclipse can't import an APK to sign it, they can only export a signed (or unsigned) APK. But these instructions from the Android Developers site should help you get on your way: http://developer.android.com/guide/publishing/app-signing.html#signapp
You don't need to import the .apk file back into Eclipse, but can sign it from command line. In fact, Eclipse invokes this same procedure behind the scenes when it signs your binary.
In the samples below, replace the AppName with your application's name. The first step (to generate the keystore file) you will do only once when you setup your project, and the other 2 steps -- every time you need to sign the app. I hope that answers your question.
:: Generate a keystore file
cd "c:\Program Files (x86)\Java\jdk1.6.0_21\bin"
keytool.exe -genkey -v -keystore AppName.keystore -alias AppName -keyalg RSA -keysize 2048 -validity 10000
:: Sign the .apk file
cd "c:\Program Files\Java\jdk1.6.0_29\bin"
jarsigner.exe" -keystore AppName.keystore AppName.apk AppName
:: Zip align the .apk file and copy it to the install folder
cd "c:\Program Files (x86)\android\android-sdk\tools"
zipalign.exe" -f -v 4 AppName.apk install\AppName.apk
I have a few Eclipse plugins that are part of a feature. We would like to apply code signing to these plugins when the update site is updated.
I can see the JAR Signing tab when exporting an individual plugin, but I can't see anything similar in my update site project settings.
Also, the tutorials that I have read are using self-signed certificates. Can anyone point me towards instructions for using Verisign certificates (i.e. *.pfx files)?
Can anyone help?
Thanks,
Alan
Edit: I have marked Kane's response as the answer because it is very similar to the steps that I took and was an inspiration. I actually followed these instructions to sign the jars because it was based on pfx files: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1072
Step 1: Run the following command to view details about the certificate (substituting the filename with your own):
keytool -list -v -storetype pkcs12 -keystore [Filename].pfx
Step 2: Scroll to the top of the output and take a note of the Alias name value.
Step 3: Sign each jar file using the following command (substituting the filenames and alias name for your own):
jarsigner -storetype pkcs12 -keystore [Filename].pfx [Filename].jar "[AliasName]"
I now need to come up with a way of managing / automating the process.
Update site project doesn't provide such capability to sign the jars. Signing jars is a pure java concept, you could use the signtool from JDK to do it.
If you want to sign you jars via using the certificate for Windows code signing, you could refer to this blog post.
In my successful experience, I convert pfx to JKS format certificate firstly, then call below command in ant,
<signjar sigfile="MyCompany" alias="${sign.alias}" keystore="${sign.keystore}" storepass="${sign.storepass}" keypass="${sign.keypass}" tsaurl="https://timestamp.geotrust.com/tsa" preservelastmodified="true">