Github peer not authenticated when I issue g8 command - scala

I am using Red Hat Linux. I am trying to run this command:
g8 typesafehub/play-scala
And I am getting this response:
Exception fetching from github peer not authenticated
But when I check the connection using
openssl s_client -connect github.com:443
I get this:
Verify return code: 0 (ok)
Which means that I am able to connect with github. Why doesn't this command work?
g8 typesafehub/play-scala

I also ran into this issue on an RHEL 5 VM image where I am using openjdk 6. It was the other note to look at TrustManager that clued me in on a fix. I tweaked the invocation to add a trust setting for github; in my situation it resolves the peer authentication issue.
First grab the github certificate using openssl and keytool to make it accessible to java.
echo "" | openssl s_client -connect www.github.com:443 \
-showcerts 2>/dev/null | openssl x509 -out github.cert
keytool -import -alias github \
-file github.cert -storepass g8g8g8 \
-keystore $HOME/g8.truststore
Now to rewrite the invocation with a script I call "G8":
g8 \
  -Djavax.net.ssl.trustStore="$HOME/g8.truststore" \
  -Djavax.net.ssl.trustStorePassword=g8g8g8 \
  "$@"
Now try executing G8 -v typesafehub/akka-scala-sbt and I see things are much happier now. I imagine setting a systemwide default truststore would be better but I haven't figured that one out yet.

If it really is an authentication issue, check your ~/.g8/config file for authentication purposes, but you shouldn't need it for anonymous access.
Note that, according to issue 32 of giter8, it can also depend on the Java you are using.
For instance:
Sorry, that preview release of openjdk 7 is not fit for general use. (There's also giter8 issue #27 specific to openjdk on mac.) I have tested openjdk 7~b147-2.0-0ubuntu0.11.10.1 with giter8 and that worked fine, so when there is a final release available for mac you should be able to use it.
For now, please try with jdk 6 and reopen if you are still having trouble.
Another JDK (openjdk) might end up using the wrong TrustManager, as described in "Avoiding the "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" with HttpClient"

I had the same issue as B Evans (thanks for this!), but on Windows, so here is the equivalent code in case someone else has this issue and doesn't know how to do it from Windows cmd. I also had to get openssl from http://www.openssl.org/related/binaries.html
openssl s_client -connect www.github.com:443 -showcerts > out.txt
openssl x509 -out github.cert < out.txt
keytool -import -alias github -file github.cert -storepass g8g8g8 -keystore C:\tmp\g8.truststore
Then add the same to JAVA_OPTS (I also had to deal with our corporate firewall and hence proxy as well...)
SET JAVA_OPTS=-Dhttp.proxyHost=our.proxy.com -Dhttp.proxyPort=8080 -Dhttps.proxyHost=our.proxy.com -Dhttps.proxyPort=8080 -Djavax.net.ssl.trustStore=C:\tmp\g8.truststore -Djavax.net.ssl.trustStorePassword=g8g8g8

Related

bootstrap fails due to a certificate mismatch

When running ./bootstrap in a freshly-cloned repository (https://github.com/coreutils/coreutils), it seems to either
not find some files it wants to or doesn't trust https://translationproject.org.
./bootstrap: Bootstrapping from checked-out coreutils sources...
./bootstrap: consider installing git-merge-changelog from gnulib
./bootstrap: getting gnulib files...
Submodule 'gnulib' (git://git.sv.gnu.org/gnulib.git) registered for path 'gnulib'
Cloning into '/home/vagrant/coreutils/gnulib'...
Submodule path 'gnulib': checked out '0ac98783691bbf8212537ebe18ddb68feb22a760'
./bootstrap: getting translations into po/.reference for coreutils...
ERROR: The certificate of 'translationproject.org' is not trusted.
ERROR: The certificate of 'translationproject.org' has expired.
So what should I do to make the certificate trusted by my system and make it compile successfully?
First, to get the certificate:
wget --mirror --level=1 -nd -v -A.po -P 'po/.reference' https://translationproject.org/latest/coreutils/
and then make the certificate trusted:
a) ask openssl to trust:
openssl s_client -connect translationproject.org:443 -CApath /etc/ssl/certs -showcerts </dev/null 2>/dev/null
b) ask cert tool to trust
certtool --verbose --verify --infile=/tmp/translationproject.org.certs
Finally, you can use ./bootstrap successfully.

Failed when I try to send an email in Jenkins

I'm trying to send an email in Jenkins. I'm doing the following steps:
Jenkins -> Configure System
In the "E-mail Notification" area I provide the following data and click "Test Configuration", and many errors appear:
Could you please help me with this issue?
It looks like you need gmail smtp server's certificate
Please try the following steps from http://notepad2.blogspot.com/2012/04/import-gmail-certificate-into-java.html (1)
Copied from the (1):
"
The following procedure imports the gmail smtp certificate into the default Java keystore (depending on the java mail application, the location of the keystore may vary):
Connect to smtp.gmail.com:465 to display the certificate in a terminal window:
For Linux:
openssl s_client -connect smtp.gmail.com:465
For Mac OS:
openssl s_client -connect smtp.gmail.com:465
For Windows
Install openssl first
Run command:
s_client -connect smtp.gmail.com:465
Copy and save the lines between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" into a file, say, gmail.cert
Import the certificate into java keystore(Default location):
sudo keytool -import -alias smtp.gmail.com -keystore /path/to/keystore -file /Users/wilson/gmail.cert
For Windows:
keytool -import -alias smtp.gmail.com -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file C:\Users\wilson\gmail.cert
For Mac OS:
sudo keytool -import -alias smtp.gmail.com -keystore /System/Library/Frameworks/JavaVM.framework//Versions/CurrentJDK/Home/lib/security/cacerts -file /Users/wilson/gmail.cert
For Linux:
sudo keytool -import -alias smtp.gmail.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file /Users/wilson/gmail.cert
Note: you need to provide the password to access the keystore. The password for the default java keystore is changeit
Answer Yes when it asks "Trust this certificate? [no]: yes"
Note: if your java mail client application uses its own keystore, you need to change the location of the application's keystore rather than JVM's keystore in the keytool command.
"
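Both the g8 truststore answer further up and the Gmail import steps above trust whatever certificate `openssl s_client` happens to receive on that one connection. As an added example (not part of any post on this page), the Python below fingerprints the first certificate in captured `s_client` output, which is the one `openssl x509` extracts, and compares it with a fingerprint obtained over a separate channel before anything is passed to `keytool -import`. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(s_client_output):
    """SHA-256 of the DER bytes of every PEM block, in order of appearance."""
    fps = []
    for body in PEM_RE.findall(s_client_output):
        der = base64.b64decode("".join(body.split()), validate=True)
        fps.append(hashlib.sha256(der).hexdigest())
    return fps

def normalize(fp):
    """Accept 'sha256 Fingerprint=AA:BB:...' or bare hex, with or without colons."""
    return fp.split("=")[-1].replace(":", "").strip().lower()

def safe_to_import(s_client_output, pinned_fp):
    """True only if the first certificate (the one `openssl x509` would
    extract) matches a fingerprint obtained over a separate, trusted channel."""
    fps = fingerprints(s_client_output)
    if not fps:
        return False  # nothing captured: fail closed
    return hmac.compare_digest(fps[0], normalize(pinned_fp))

def pem(der):
    b64 = base64.b64encode(der).decode()
    return "\n".join(["-----BEGIN CERTIFICATE-----",
                      *textwrap.wrap(b64, 64),
                      "-----END CERTIFICATE-----"])

# Constructed stand-ins for DER certificates (not real X.509 data).
LEAF_DER = b"constructed-leaf-" + bytes(range(96))
ISSUER_DER = b"constructed-issuer-" + bytes(range(96))
OTHER_DER = b"constructed-interceptor-" + bytes(range(96))

def sample_output(first_der):
    """Constructed text shaped like `openssl s_client -showcerts` output."""
    return ("CONNECTED(00000003)\n---\nCertificate chain\n"
            " 0 s:CN = host.example\n" + pem(first_der) + "\n"
            " 1 s:CN = Constructed Issuer\n" + pem(ISSUER_DER) + "\n---\n")

if __name__ == "__main__":
    pin = hashlib.sha256(LEAF_DER).hexdigest()
    print(safe_to_import(sample_output(LEAF_DER), pin))   # expected cert
    print(safe_to_import(sample_output(OTHER_DER), pin))  # substituted cert
```

The pinned value can be pasted in the colon-separated form that `openssl x509 -noout -fingerprint -sha256` prints; `normalize` strips the label and separators.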

Is it possible to add crt to cacerts [Java TrustStore] using openssl

Is it possible to add/import .crt [certificate] to cacerts [Java TrustStore] using openssl ?
I do not wish to use keytool & I'm looking for an alternate openssl command for the below:
keytool -import -trustcacerts -alias TorchboxCA -file Torchbox_CA.crt -keystore cacerts
Kindly help me with the command syntax in case it is possible.
As far as I understand the functionality of openssl, no, it will not be possible.
Even in a longer research in OpenSSL manpages and Wiki, I haven't found a hint for Java Key Store (JKS) support.

How to configure a Play application to use Let's Encrypt certificate and to convert let's encrypt certificate so that play can understand it?

I have been using Play framework as my server and a React webpage as a client. I have already created and set up a certificate for the React webpage using letsencrypt. But now I have to configure this certificate to work for the Play application as well. How can I configure application.conf to use it?
I found the answer to my question myself.
First create certificate for nginx from https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04#step-5-enabling-the-changes-in-nginx
After creating the certificate, follow these steps:
1) First stop your play server
2) Do sudo su
3) SSH in and go to the location of your SSL certificate, which will be something like: /etc/letsencrypt/live/example.com
4) Type the following command:
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert_and_key.p12 -CAfile chain.pem -caname root -passout pass:your_password
5) Type the following command:
keytool -importkeystore -srcstorepass your_password -destkeystore keyStore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -storepass your_password
6) After the .jks is created, put the following in your application.conf file:
play.crypto.secret="changethissosomethingsecret"
play.server.https.keyStore.path = "Path to your .jks file"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = "yourKeyStorePassword"
7) Now change your play run command to the following:
nohup /home/ubuntu/webserver/manpowercompany-1.0-SNAPSHOT/bin/manpowercompany -J-Xms128M -J-Xmx1024M -Dplay.crypto.secret=anyKey -Dhttps.port=9002 &
Note: Change the directory according to your file locations
8) Start the server with the file containing the above run command. You might need to use sudo.
9) You are good to go. Now your server is served as https at port 9002
The above procedure is what I did for my project. So refer to it and make changes according to your project.
Thank you!!!

I can't run postgresql server after I change ssl = on in postgresql.conf in Windows Server 2012.

After changing ssl = on in postgresql.conf, the postgresql server can't run anymore. What other settings are needed to enable SSL? I am using postgresql on Windows Server 2012.
Here is my research
https://www.postgresql.org/docs/current/static/ssl-tcp.html#SSL-FILE-USAGE
As in the link, you need to create a self-signed certificate first.
To do that you need OpenSSL. I use apache 2.4.12 and it has OpenSSL 1.01.1m ver.
You can also download and install it easily from the internet.
Then, from cmd, go to the folder where OpenSSL is installed. In my case, "cd C:\Program Files\Apache Software Foundation\Apache 24\bin".
Then execute the commands as the above link says.
openssl req -new -text -out server.req
openssl rsa -in privkey.pem -out server.key
openssl req -x509 -in server.req -text -key server.key -out server.crt (In Windows OS you can only do those steps.)
Then copy server.key C:\ (Anywhere you want..)
copy server.crt C:\
Look for the files you copy (server.key & server.crt) and copy them to PostgreSQL data folder.
Then change ssl = on in postgresql.conf file.
Restart the postgresql service.
Done!!!