-
assigned issue to
Robert Reiz
SSL Certificate Issues when using Gradle Plugin
Issue #275
resolved
Original Report: https://github.com/stempler/gradle-versioneye-plugin/issues/28
Yesterday things were working fine, but today I started running into what appears to be a certificate issue whenever I attempt to create/update projects via the plugin. I get the following error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
After manually adding the certificate to the java certs, I get a different error:
Certificate for <www.versioneye.com> doesn't match any of the subject alternative names: [sengaa.versioneye.com]
Here are the logs preceding the errors:
[groovyx.net.http.HTTPBuilder] POST https://www.versioneye.com/api/v2/projects?api_key=<key removed>
[org.apache.http.impl.conn.BasicClientConnectionManager] Get connection for route {s}->https://www.versioneye.com:443
[org.apache.http.impl.conn.DefaultClientConnectionOperator] Connecting to www.versioneye.com:443
[org.apache.http.impl.conn.DefaultClientConnection] Connection org.apache.http.impl.conn.DefaultClientConnection@7257cbce closed
[org.apache.http.impl.conn.DefaultClientConnection] Connection org.apache.http.impl.conn.DefaultClientConnection@7257cbce shut down
Comments (9)
-
-
@windyroad This is related to 276. Will work today on this.
-
@windyroad We created some new SSL certificates for some sub domains via LetsEncrypt, but didn't updated the main cert for the main domain www.versioneye.com. I guess that caused the error. Now ALL domains and sub domains of VersionEye are running on LetsEncrypt certs. Can you please try again and let me know if it's fixed?
-
reporter
Nope. Still borken
-
reporter
Here's what's going wrong: https://community.letsencrypt.org/t/helloworld-letsencrypt-org-can-only-find-certificate-with-dst-x3-loaded/14133/3
And more: http://stackoverflow.com/questions/34110426/does-java-support-lets-encrypt-certificates
Apparently upgrading to Java 8u101 will resolve the issue. I'll try.
You can test using the command:
curl -X GET https://confluence.atlassian.com/kb/files/779355358/779355357/1/1441897666313/SSLPoke.class -o SSLPoke.class; java SSLPoke www.versioneye.com 443(with credit to https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html)
-
reporter
I'm using snap-ci for my build server, so it looks like I'm stuck on java 1.8.0_51 https://docs.snap-ci.com/the-ci-environment/languages/java/
-
reporter
You can add LetsEncrypts cross signed certificate using the following command
curl -X GET https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der -o lets-encrypt-x3-cross-signed.der; sudo keytool -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -alias lets-encrypt-x3-cross-signed -file lets-encrypt-x3-cross-signed.derjava SSLPoke www.versioneye.com 443now outputsSuccessfully connected(with credit to http://stackoverflow.com/a/38312489/269221)
-
reporter
Now I get the
Certificate for <www.versioneye.com> doesn't match any of the subject alternative names: [sengaa.versioneye.com]error :( -
- changed status to resolved
I just remove the LetsEncrypt cert and rolled back to our old SSL cert. Feel free to reopen this ticket if you still get some SSL errors.
- Log in to comment
