I'm trying to use the JIRA dashboard plugin from tigris.org to connect to our in-house JIRA server, which has an invalid SSL certificate. I'd like to import the certificate into the keystore used by this plugin, whether that's the Eclipse keystore (which is where?) or its own.
If it helps, here's the error message:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How can I go about finding the keystore?
It turns out that Eclipse doesn't store keys, it uses the jssecacerts keystore that is provided by the JVM
Related
I was trying to check for new updates in Eclipse Kepler and saw below error message
Unable to read repository at https://otto.takari.io/content/sites/m2e.extras/m2eclipse-mavenarchiver/0.17.0/N/LATEST/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
That is not an eclipse issue nor a maven issue. Java tries to verify the Certificate chain, but fails for some reason. The cause might be:
Proxy and/or other security appliances; especially if you're stuck in a company network
https connection is forbidden
the target site uses a self signed certifcate
See this SO answer for solutions.
I still can't install any plugin for eclipse because of a ValidatorException
Unable to read repository at http://www.pydev.org/updates/content.xml.
sun.security.validator.ValidationException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
What should I do in that case?
I think this is a common certificate issue, which can happen because of multiple reasons. I'll list the 2 most likely to be the case here:
The URL mentioned in the error does a redirect from HTTP to HTTPS, which java does not seem to like.
I'm not sure if this is still an issue in recent Java versions, could not find a better reference but they mention it here: https://github.com/protegeproject/protege/issues/17
Please try to change the update-site URL from http://www.pydev.org/updates/ to what it redirects to (which currently is: https://dl.bintray.com/fabioz/pydev/5.3.1/)
The certificate could not be validated because the certificate issuers root certificate is not in your keystore. Make sure you have the most recent version of java installed (each new version contains a new keystore). You can also add the issuers root certificate (or the certificate of the site) into your keystore using the keytool.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Exception while Importing Gradle project in Eclipse Mars , It shown there are few certificates to be added in the Cacerts File of Java .
I have added the certificates with the key tool. The certificates were added in the Cacerts file also. But again getting the Same SSL Error.tried Running Cmd prompt also. No use. one thing I am unable to try is Changing the Access permission of the Cacerts File.
The problems were
Proxy Firewall
The profile was customized for the Organization.
I was creating a project with the predefined profile format (like rest, angular).
Note : Before creating a project in grails 3.x make sure the profile you are using is Whether the customized one or Predefined in Grails.
Running Eclipse 3.6 and trying to get version 3.2.4 of the GWT plugin. I add the source and it results in the following:
Unable to read repository at https://commondatastorage.googleapis.com/eclipse_toolreleases/products/gpe/release/3.2.4/3.6/content.xml.
Unable to read repository at https://commondatastorage.googleapis.com/eclipse_toolreleases/products/gpe/release/3.2.4/3.6/content.xml.
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
I have the correct path, my local time on my machine is accurate/correct (I had read some about some odd timestamp issues with certs?), and I can't seem to find any information about this. I tried installing locally, and there are missing dependencies when I use a local archive. I am curious though, why is it trying to hit content.xml? There is no such file in the downloadable repo, and when I try to hit that URI, I get the following:
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>
It's because the repository does not have a valid, i.e. trusted, certificate according to our SSL. You need to manually add the certificate as trusted, and then install the plugin.
My test Tomcat 6 server has a self signed certificate. The manager webapp is accessible only via SSL, with this self signe certificate. When I try to deploy with the cargo-maven2-plugin, I get the error :
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I could probably add the certificate to the default Java keystore, but I would like to keep deployment as portable as possible and not require that everybody who needs to deploy the app to install the certificate. I would like to deploy the app by just having a checkout of the project, configuring the password to the app server and running Maven.
I could not find in the cargo documentation a way to ignore invalid certificates.
Can you point me in the right direction ?
I'm fairly ignorant on cargo specifically, but I've used this code to allow bad certs without errors in Java before, and it should work for you. Note that it's super insecure, but then again if you want to ignore invalid certs then pretty much any implementation is going to be super insecure.
http://ctasada.blogspot.com/2010/11/httpclient-use-self-signed-certificates.html