I´m trying to install some software in Eclipse 2018-12 via its Marketplace.
On trying to do so, I keep getting the same error:
Unable to read repository at http://download.eclipse.org/releases/2018-12.
Unable to read repository at https://download.eclipse.org/technology/epp/packages/2018-12/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The company I am currently working with has a proxy active. If that`s what causes this issue (which I am not sure of), how would I bypass it in Eclipse? I tried a manual Network connection with a proxy bypass, but to no avail.
Any help or ideas?
I tried many solutions, but found it is available at https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html and solved my problem.
In that case, I used the KeyStore Explorer tool and generated the certificate.
Download KeyStore Explorer and Install
Open the application (Run as administrator) and in Examine => Examine SSL
On the Connection Settings screen => SSL Host: google.com / SSL Port: 443 => Click "OK"
In the certificate, click on "PEM" and "Export".
Save as "public.crt"
Click the "Open an existing KeyStore" button => C:\Program Files\Java\jdk1.8.0_261\jre\ lib\security\cacerts (JDK)
Enter the password: changeit
In Tools => Import trusted certificate => Select the public.crt file => Click "OK"
Save the "cacerts" file.
Repeat steps 6 through 9 for the JRE (C:\Program Files\Java\jre1.8.0_261\lib\security\ cacerts)
Restart your PC.
References:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html
https://confluence.atlassian.com/kb/connecting-to-ssl-services-802171215.html
If you are using a https url, change it to http url (just remove 's') and try.
In my case 'https://dl.bintray.com/fabioz/pydev/8.0.0/' was throwing cert error, but changing it to 'http://dl.bintray.com/fabioz/pydev/8.0.0/' worked fine.
In my case, I could not open Eclipse Marketplace and got the same error reported in the question of this thread. I was able to solve this problem by getting instructions from the admin since I am connected using VPN. If I disconnect the VPN, it will work without any problem. I am using Eclipse Version: 2022-09 (4.25.0) - Build id: 20220908-1902.
Steps (Windows):
Get the certificate definition files and store them under this folder for example: <user-home>\.certificate\my-certs.pem. If you have more than one certificate, combine the definitions in this file my-cert.pem. In my case I was provided two certificates, they are XXXROOTCA and XXXCERTnn.
If you have more than one certificate, store each in a separate file in the same folder for example file1.crt and file2.crt.
From the command line with admin rights, use the Java keytool to import the certificates:
%JAVA_HOME%\bin\keytool -import -alias XXXROOTCA -file %HOME%\.certificates\file1.crt -cacerts
%JAVA_HOME%\bin\keytool -import -alias XXXCERTnn -file %HOME%\.certificates\file2.crt -cacerts
Note: Make sure to associate the certificate alias with the correct file in the above command lines.
3. You may have to pass the password for the above command lines. Add the parameter -storepass changeit if the password is still changeit and you didn't change it which is the default.
For NodeJS, execute the following command (if required):
setx NODE_EXTRA_CA_CERTS %HOME%\.certificates\my-certs.pem
Now you should be able to open Eclipse Marketplace.
Related
I have an appication deployed on AWS EKS that uses an RDS PostgreSQL database. I have downloaded the intermediate and root certifcates, and added them to a trust store, as described in this post: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
However I cannot connect via SSL with sslmode=verify-full and I think it's because I do not have a copy of the certificate generated when RDS creates the DB instance and installs the certificate on the instance, as described here: https://aws.amazon.com/premiumsupport/knowledge-center/rds-connect-ssl-connection/
The certificate generated when the database is provisioned has the hostname of the server as the Common Name, and I think this is used to veryify the host when a client connects.
Does anyone know where I can download this certiifacte or if I have misunderstood how to do this, tell me what it is I am doing wrong?
Thanks
You need to do multiple things:
Download the ca certs from https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem.
Import this cert into the ca-certs of the JDK/JRE in your docker image by using this command keytool -importcert -alias aws-certs -trustcacerts -file /path/to/global-bundle.pem -storepass changeit -cacerts -noprompt
Note: You might have to run this command as root/sudo depending on the permissions on the cacerts file in the JDK_HOME/lib/security folder.
Make changes to your postgres jdbc url as decribed here; basically adding sslmode=verify-full
I was trying to commit something to github repo using VSCode and I was told that
"extension github wants to sign in using github", when I allowed it I was redirected to a page with some link which I could copy in VScode to login.
But when I did so it gives me this error:
Sign in failed: FetchError: request to
https://vscode-auth.github.com/token?code=e23e730e3d1c5dc&state=717aca03-28e1-486f-bbb2-57680a149638
failed, reason: self signed certificate in certificate chain
It has become impossible to work with GitHub due to its security restrictions.
Can someone help?
If somehow the certificate from GitHub is not trusted by your Ubuntu OS, you can get it with (as suggested here):
mkdir ~/git-certs
openssl s_client -showcerts github.com:443 2>/dev/null </dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/git-certs/cert.pem
git config --global http.sslCAInfo "${HOME}/git-certs/cert.pem"
Then relaunch your VSCode and try again.
I had a similar problem, and my final resolution was reinstalling it. However, that didn't solve the problem, as there were remnants left on my windows computer.
In the end, I got the problem removed by completely removing vs-code (or insider) from my computer as suggested here, meaning:
Uninstall by running unins.exe file found in > C: Users\your_user_name\AppData\Local\Programs\Microsoft\ VS Code (or insider)
delete the .vscode or .vscode-insiders folder found in C: Users\your_user_name
Now delete code or code-insider found in >C:\Users\your_user_name\AppData\Roaming
I installed vs-code again and also the github pull requests. I authenticized it using my git account, and things are back to normal. I have had already synced my setting to my account, therefore my previous working setup was back.
I have created VSTO Addin project which is signed using a Password protected PFX certificate and added the project to VSTS,
Now while building I get an error as failed to import certificate, to fix that I need to import PFX certificate, so as suggested on different SO posts and microsoft support, I am trying to import certificate using sn tool as follows,
I had created an .cmd(bat) file which has following commands,
C:
cd C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\
sn -i "%1\Sixmod5PFX\Sixmod5Certificate.pfx" VS_KEY_BD774ABB8BB29878
and added Run batch script task to build definition before MSBuild step,
but as we know when we run this command on local machine, it prompts for a password which user can enter,
Same thing happens on VSTS and fails, as it don't get password.
Is there any way to solve this.
You need to setup a private build agent (e.g. Deploy an agent on Windows), then install PFX certificate manually on that agent machine (as run the command on local machine and specify password in prompt window)
Trying to sync my marketplace account with magento2 admin panel and getting this error:
error setting certificate verify locations:
CAfile: F:\xampp\ca-bundle\ca-bundle.crt CApath: none
CMS installed to localhost with https and ssl self-signed certificates, system - windows 7.
In php.ini added this:
[curl]
curl.cainfo="F:\xampp\ca-bundle\ca-bundle.crt"
openssl.cafile="F:\xampp\ca-bundle\ca-bundle.crt"
As I read for linux this problem according with permissions and directory should be readable. But my system installed at C:/ so for F:/ any directory should be available.
What's the issue related with? How to fix it?
Thanks.
I found solution for this issue, let try this follow: http://chrisschuld.com/2008/07/how-to-fix-the-curl-error-error-setting-certificate-verify-locations/
(this solution for linux)
With xampp on windows, let try:
1. Open file server.crt in xampp\apache\conf\ssl.crt
2. Copy content of server.crt and paste to end of cacert.pem in xampp\perl\vendor\lib\Mozilla\CA
3. add to end of php.ini: curl.cainfo="D:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"
4. Restart your Xampp
Reference: https://yikesplugins.com/support/knowledge-base/i-receive-the-error-ssl-certificate-problem-unable-to-get-local-issuer-certificate-why/
I want a easy way to save, copy and edit files on a remote server. I'm using Eclipse as an IDE, what could be better for these tasks than RSE(Remote System Exlporer) plugin for Eclipse. The thing is that I dont know how to make a connection using a public key. I have file that I downloaded from my Amazon account, *.pem. But I don't see any forms or inputs for this, when I try to connect to my remote Linux server. It is just User-id and password. I also tried to open the public key using the system's text editor and copy everything to my password field, but it didn't worked. Pls help me
this was baking my noodle for a while too. you put the keys in a folder not in the RSE config but in the whole of eclipse
check this: http://siteadmin.gforge.inria.fr/eclipse-ssh.html
Not mentioned (at least in explicitly) is the fact that RSE (and for what I've seen, Eclipse in general) only seems to work with 1024 bit keys https://bugs.eclipse.org/bugs/show_bug.cgi?id=404714
I also had issues, because my privatekey was 2048, but I added a new key to authorized hosts and then I could connect.
I added my local computer's ~/.ssh/id_rsa.pub to the remote /home/ec2-user/.ssh/authorized_keys.
Then just set the user to connect in RSE to ec2-user when connecting.
Someone asked for root login. It works too: update /root/.ssh/authorized_keys, and edit /etc/ssh/sshd_config to allow root login:
#PermitRootLogin forced-commands-only
PubkeyAuthentication yes
Then reload the sshd daemon: service sshd restart