I am in a company, and need set proxy to connect to the Internet. The proxy setting is ok, because I can connect to other website, e.g. Neon - http://download.eclipse.org/releases/neon, but not for http://aws.amazon.com/eclipse.
The error message is:
Unable to read repository at
https://aws.amazon.com/eclipse/content.xml. Unable to read repository
at https://aws.amazon.com/eclipse/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target.
The specific stack is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:394)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 26 more
This is because java is not recognizing root certificate authority (CA) SSL certificate of https://aws.amazon.com.
Solution is to add that certificate to java cacerts file so that it got permanently accepted.
Step 1 : Get root certificate of https://aws.amazon.com
CHROME BROWSER
Open https://aws.amazon.com
Select Inspect from context menu(right clicking on page) and navigate to security tab
Click on view certificates
Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase.
drag and drop that image which you saw written certificate on desktop.
FIREFOX BROWSER
Open https://aws.amazon.com
click on the green lock button "show certificate"
tab "details", "export"
Thats it! you got your root certificate!
Step 2 : Get that certificate added to java cacerts file.
use keytool.exe inside your jre bin folder.
fire following command to place your certificate inside cacerts file
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file
/PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore
/PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! you got your problem resolved.
PLEASE NOTE
Do confirm that the jre which is giving you this PKIX error(JRE used by eclipse or your app after deployment) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
Go to Eclipse -> Window -> Preferences -> Network Settings
Change Active Provider to Direct
Save
Go back to Install Software
Try again to pull from AWS Repo
This time it will work
Just flow the below steps in eclipse,
1) go to windows -> preference - > search for network connections
2) Change the active provider to direct.
Then try install software in eclipse and search for http://aws.amazon.com/eclipse.
It will work.
Try changing the Window/Preferences/Network settings from Native to Direct.
Launch eclipse from CLI using "eclipse.exe -clean"
Retry the update
Related
In Charles proxy unable to start/stop recording using web interface. I have enabled the web interface and transparent ssl proxy option. I am able to navigate one level from the home page http://control.charles/ like http://control.charles/recording/ . However, I'm not able to access anything further like http://control.charles/recording/start
It is giving HTTP 404 error message in the browser response. Same thing I tried using curl and found that Charles proxy is throwing out of memory error. I have increased the -Xmx to 2GB in info.plist file and still facing the same.
Exception in thread "com.xk72.proxy.ssl.vTMQ.LajB" java.lang.OutOfMemoryError:
unable to create new native thread at java.lang.Thread.start0(Native Method) at
java.lang.Thread.start(Thread.java:717) at
java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:957) at
java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1378) at
com.xk72.proxy.sJmZ.wIxc.run(Unknown Source) at
java.lang.Thread.run(Thread.java:748) SEVERE
com.xk72.proxy.server.SocketProxyServer SocketProxyServer.run
java.lang.OutOfMemoryError: unable to create new native thread at
java.lang.Thread.start0(Native Method) at java.lang.Thread.start(Thread.java:717)
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:957)
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1378) at
com.xk72.util.LajB.DdNM(Unknown Source) at com.xk72.throttle.AqRW.(Unknown Source)
at com.xk72.throttle.WSQr.getInputStream(Unknown Source) at
com.xk72.proxy.http.wDPH.DdNM(Unknown Source) at
com.xk72.proxy.http.CLFr.twLa(Unknown Source) at
com.xk72.proxy.http.CLFr.DdNM(Unknown Source) at
com.xk72.proxy.http.CLFr.DdNM(Unknown Source) at
com.xk72.proxy.sJmZ.wDPH.run(Unknown Source) at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at
java.lang.Thread.run(Thread.java:748)
Details: Mac High Sierra - 10.13.6 Jre - 1.8.163 Charles - 4.2.8
I'm trying to consume a secured rest endpoint through java code as following
public static void main(String[] args) {
getUrl();
}
private static void getUrl(){
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jdk1.8.0_191\\keystore\\test.jks");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", "test123");
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<SignedURL> signedURLEntity = restTemplate.getForEntity("https://tfgts.xyz.com:16610/file-transfer/get-url?fmt=json", SignedURL.class);
System.out.println("PUT URL : "+signedURLEntity.getBody().getPuturl());
}
I have imported the test.jks certificate in the following way
keytool -importkeystore -srckeystore .\test.jks -destkeystore %JAVA_HOME%/jre/lib/security/cacerts
I could find the alias of the certificate I imported, when I ran the below command
keytool -list -keystore cacerts
I'm using eclipse IDE to run this java class and configured the Java build path of the project to the JDK path where the certificate is imported. Also, I ordered the JAVA_HOME in path environment variables to be on top.
But still I'm getting the following error
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://tfgts.xyz.com:16610/file-transfer/get-url": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:732)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:680)
at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:359)
at com.paychex.retirement.ml.service.SterlingFileProcessor.getUrl(FileProcessor.java:99)
at com.paychex.retirement.ml.service.SterlingFileProcessor.main(FileProcessor.java:88)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:723)
... 4 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 24 more
Using liferay-ce-portal-7.0-ga3 on my Mac system El Capitan 10.11, I have setup my Liferay 7.x server in Spring Tool Suite. It has tomact 8 server included in it. I have included Liferay IDE in my STS and generated Liferay Plugin Project but when I am trying to run the application I am getting Permission denied exception, which is shown below. I have sudo credentials of my Mac system. How can I get rid of this Permission denied exception while trying to run my application? I have attached the screen shot of the error too.
java.util.logging.ErrorManager: 4
java.io.FileNotFoundException: /Users/remo/Projects/xnet/Development/tools/liferay-ce-portal-7.0-ga3/tomcat-8.0.32/logs/catalina.2016-12-08.log (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at org.apache.juli.FileHandler.openWriter(FileHandler.java:384)
at org.apache.juli.FileHandler.<init>(FileHandler.java:96)
at org.apache.juli.AsyncFileHandler.<init>(AsyncFileHandler.java:71)
at org.apache.juli.AsyncFileHandler.<init>(AsyncFileHandler.java:67)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:562)
at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:505)
at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:309)
at java.util.logging.LogManager$3.run(LogManager.java:399)
at java.util.logging.LogManager$3.run(LogManager.java:396)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:396)
at java.util.logging.LogManager.access$800(LogManager.java:145)
at java.util.logging.LogManager$2.run(LogManager.java:345)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.logging.LogManager.ensureLogManagerInitialized(LogManager.java:338)
at java.util.logging.LogManager.getLogManager(LogManager.java:378)
at java.util.logging.Logger.demandLogger(Logger.java:448)
at java.util.logging.Logger.getLogger(Logger.java:502)
at com.sun.jmx.remote.util.ClassLogger.<init>(ClassLogger.java:55)
at sun.management.jmxremote.ConnectorBootstrap.<clinit>(ConnectorBootstrap.java:846)
at sun.management.Agent.startAgent(Agent.java:257)
at sun.management.Agent.startAgent(Agent.java:447)
java.util.logging.ErrorManager: 4
java.io.FileNotFoundException: /Users/remo/Projects/xnet/Development/tools/liferay-ce-portal-7.0-ga3/tomcat-8.0.32/logs/localhost.2016-12-08.log (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
My best guess is that you've used your sudo power to start STS/Liferay/Tomcat as root once. Now your logfiles and OSGi state files are owned by root and can't be overwritten when you're starting the server as an unprivileged user.
As it's quite bad practice to run an internet facing server as root, I'd suggest to sudo chown -r remo /Users/remo/Projects/xnet/Development/tools/liferay-ce-portal-7.0-ga3/ (assuming that this is the chown syntax on MacOS). This command changes ownership of the files in /Users/remo/Projects/xnet/Development/tools/liferay-ce-portal-7.0-ga3/ to your user (remo) recursively (-r)
Starting the server from eclipse typically is done using your own user account and should work then.
I'm trying to use the eGerrit Eclipse Plugin (https://www.eclipse.org/egerrit/) for connecting to my gerrit server out of Eclipse. Everytime I try to connect I get an error that my URL (https://gerrit.isys-software.de) is not valid. But I'm quite sure that the URL is valid, because I can call it in the browser without problems. Does someone use the eGerrit Plugin an can give me some advice?
Thanks in advance :)
I've solved the problem. The certificate couldn't be verified, following error was found in Eclipse-Log:
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
sun.security.validator.PKIXValidator.doBuild(Unknown Source) at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at
sun.security.validator.Validator.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at
org.apache.http.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:190) at
sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 84 more
Next step: Added the server certificate to a custom truststore via console:
keytool.exe -import -alias <alias> -file <path-to-certificate> -keystore <path-to-truststore>
After I started Eclipse with 2 truststore parameters, the connection could be established without problems.
-Djavax.net.ssl.trustStore=<path-to-truststore>
-Djavax.net.ssl.trustStorePassword=<password>
WSO2ESB: Unable To Start WSO2esb on CentOS
Got following Exception while tried to start
[root#node2500 bin]# sh wso2server.sh
JAVA_HOME environment variable is set to /usr/java/jdk1.7.0_65
CARBON_HOME environment variable is set to /usr/wso2esb-4.8.1
Exception in thread "Refresh Packages" java.lang.SecurityException: SHA1 digest error for org/eclipse/osgi/internal/loader/FilteredSourcePackage.class
at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:241)
at java.util.jar.JarVerifier.update(JarVerifier.java:228)
at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:483)
at sun.misc.Resource.getBytes(Resource.java:124)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:444)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at org.wso2.carbon.server.ChildFirstURLClassLoader.loadClass(ChildFirstURLClassLoader.java:62)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at org.eclipse.osgi.framework.internal.core.BundleHost.getLoaderProxy(BundleHost.java:662)
at org.eclipse.osgi.framework.internal.core.BundleHost.getBundleLoader(BundleHost.java:652)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl.populateLoaders(PackageAdminImpl.java:281)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl.doResolveBundles(PackageAdminImpl.java:223)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl$1.run(PackageAdminImpl.java:174)
at java.lang.Thread.run(Thread.java:745)
Please help me
Thanks
JDK-5078608 : Digital signatures are invalid after unpacking
can it be a JDK bug?
The procedure to pack and signing a jar is broken. Specifically if the jar
is a large one. One will get an error as
jarsigner -verify ./out/foo.jar
jarsigner: java.lang.SecurityException: SHA1 digest error for original/org/jfree/chart/axis/Axis.class