I was hoping someone could help me out. Some small details will be altered for anonymity.
Initial problem:*
When importing spring boot project into RAD I get this error:
Failure to transfer org.apache.maven:maven-archiver:pom:3.5.0 from https://nexusrm.<myCompany>.net:8443/repository/<myCompany>-maven/
was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced.
Original error: Could not transfer artifact org.apache.maven:maven-archiver:pom:3.5.0 from/to central
(https://nexusrm.<myCompany>.net:8443/repository/<myCompany>-maven/): PKIX path building failed:
com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
Inferred Cause:
I think my IDE cannot go to my companies nexus repository to get the parent pom file because the repo site uses a self signed certificate (or some other certificate error).
Workaround:
After opening my IDE (RAD/eclipse but I also have IntelliJ with same issue). I open the command line (windows 10), navigate/cd to my project, and add set MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true". This allows the Spring Boot project to run, but I have all sorts of other issues that may or may not be related and would like a permanant solution to this to make sure this is not causing issues. (other issues like when I open RAD I get popups saying failure to transfer other things, some projects saying incorrect package declarations, webserver+LDAP authentication stuff, etc)
Proposed Solution:
I believe I need to add the public certificate of the Nexus server to the trust store of the Java running Maven which I learned from this link https://support.sonatype.com/hc/en-us/articles/213465088-Maven-is-unable-to-connect-to-Nexus-after-configuring-Nexus-to-use-SSL- which says to do this:
Get the certificate from the server into a PEM encoded file on your Java client host:
keytool -printcert -rfc -sslserver example.com > example.pem (Optional/Advised)`
Import the certificate into the default Java truststore location under a relevant alias, using the default truststore password:
keytool -importcert -file example.pem -alias example.com -storepass changeit -keystore $JAVA_HOME/lib/security/cacerts
Main Questions
I cannot figure out how to do this. I need to know:
How to get the certificate (any browser) and how to put it into a PEM encoded file. In regards to the command-
I am unsure of what example.com should be and what example.pem should be. I know they are my server and pem file, but
Is server just the link of the nexus repo ie https://nexusrm.<myCompany>.net:8443/repository/<myCompany>-maven/? And
how do I generate this pem file?
Do I get the certificate by going to my browser->view certificate->details->copy to file?
What do I save the file as?
Conclusion:
Thanks so much for taking the time to read, I hope you can tell by my questions that I am new to all of this. It is possible there is a better way to fix this problem, or that this is not the right way to go about it at all it could be a firewall, configuration, or permissions thing, so any advice will be appreciated, just please keep in mind my skill level. I am just setting up my environment for my first software developer job, and trying to learn web applications using spring/spring boot. Please ask if you need more info.
Additional Info:
Java version 1.8_0_311 (jdk 1.8_0_311, jre 1.8_0_311)
Apache Maven Version 3.8.3
Particular error on Spring 2.5.5 but similair error on 2.6.0
I am using a Cisco anyconnect vpn
Related
I develop and distribute plugins.
I confirmed that there was a problem in plugin when installing the plugin in Eclipse.
problem detail : PKIX path building failed. sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested targe
The detailed situation is as follows.
1 Years Ago, I applied ssl certificate to updatesite.
The certificate has expired and the certificate has been replaced.
The update site can be accessed from browsers (Chrome, Safari, etc.) and it has been confirmed that the certificate is valid.
But when I enter the url in Eclipse > Help > Install New Software I get a PKIX error.
So, when I checked, I found that the Fingerprint of Hostname displayed in Eclipse > Preferences > General > Network Connections > SSH2 > Known hosts was different.
So, even if I delete the corresponding value and apply it, the previous information is loaded again.
So it looked like the jvm was still loading.
To solve it, you can enter the following command when running it in Eclipse.
-Djavax.net.ssl.trustStore='certification path'
However, this is only a workaround for users, you cannot use this workaround as a distributor.
What settings should I make on the server?
For reference, it worked fine when applying the SSL certificate for the first time, but it didn't work after replacing it. Also, fortunately, thanks to backing up the previous certificate, the plug-in download from the update site works well after restoring it. (About 1 month left until the previous certificate)
I am struggling to get my java code (that uses HikariCP) to connect with my database on AWS RDS using SSL. I can connect with the database using MySQL Workbench, I just can't find out how to configure the MySQL Connector/J 5.1.45 driver to access the database using SSL.
Currently this is my HikariCP properties file:
jdbcUrl=jdbc:mysql://mypath.jqwejrkq4568833.us-east-1.rds.amazonaws.com:3306/myschema
username=myusername
password=mypassword
dataSource.cachePrepStmts=true
dataSource.prepStmtCacheSize=250
dataSource.prepStmtCacheSqlLimit=2048
dataSource.useServerPrepStmts=true
dataSource.useLocalSessionState=true
dataSource.useLocalTransactionState=true
dataSource.rewriteBatchedStatements=true
dataSource.cacheResultSetMetadata=true
dataSource.cacheServerConfiguration=true
dataSource.elideSetAutoCommits=true
dataSource.maintainTimeStats=false
dataSource.clientCertificateKeyStoreUrl=file://truststore
dataSource.clientCertificateKeyStorePassword=123456
dataSource.useSSL=true
dataSource.verifyServerCertificate=true
dataSource.requireSSL=true
The truststore file was generated with the RDS certificate from here, it's on my classpath root since it's on my resources folder from maven. I really want to provide my own truststore file to the MySQL Connector/J driver so this program can be moved around without having to configure the truststore from the environment (this is very useful for me because my code runs locally on GlassFish but on the cloud on AWS Lambda and who knows where will it run tomorrow).
When I try to get a connection using this configuration I get the following error:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]
At first I thought my trustore url was wrong, but if I change it to something like this:
dataSource.clientCertificateKeyStoreUrl=file:///truststore
The error changes to:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file:///truststore [\truststore (The system cannot find the file specified)]
Which indicates for me that the first url was correct.
I have no idea what am I doing wrong or how to fix this, the `truststore was generated with the following command:
'C:\Program Files\Java\jre1.8.0_151\bin\keytool.exe' -importcert -alias AwsRdsMySqlCACert -file rds-combined-ca-bundle.pem -keystore truststore -storepass 123456
I have no idea what am I doing wrong, which leads me to the question:
What's wrong with my truststore file then?
EDIT:
Digging deeper I could find the cause of the Exception:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Cannot open file://truststore [truststore]
is:
java.net.UnknownHostException: truststore
I don't know what this means since my database url is correct because it's the same I use in MySQL Workbench.
if you are using Maven, make sure you are using the -Djavax.net.ssl.trustStore=/home/vagrant with the proper certificate , or configure the MAVEN_OPTS with the proper value for example : -Djavax.net.ssl.trustStore=/dev, also place it on the runner section in Intellij
I am trying to build a project in Android Studio, and Android's default build tool, Gradle, ALWAYS gives me an error when it attempts to build my project. The following is the result of using the "gradlew build" command:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'MyFirstApp'.
> Could not resolve all dependencies for configuration ':classpath'.
> Could not resolve com.android.tools.build:gradle:2.1.3.
Required by:
:MyFirstApp:unspecified
> Could not resolve com.android.tools.build:gradle:2.1.3.
> Could not get resource 'https://jcenter.bintray.com/com/android/tools/build/
gradle/2.1.3/gradle-2.1.3.pom'.
> Could not GET 'https://jcenter.bintray.com/com/android/tools/build/gradle
/2.1.3/gradle-2.1.3.pom'.
> jcenter.bintray.com:443 failed to respond
I have tried using an http proxy, vpn, turning off my firewall, deleting the cache in the .gradle foler, and even completely reinstalling Android Studio, but nothing seems to be working.
I am new to Android development, so any information is appreciated!
Here is the error when the proxy is implemented:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'MyFirstApp'.
> Could not resolve all dependencies for configuration ':classpath'.
> Could not resolve com.android.tools.build:gradle:2.1.3.
Required by:
:MyFirstApp:unspecified
> Could not resolve com.android.tools.build:gradle:2.1.3.
> Could not get resource 'https://jcenter.bintray.com/com/android/tools/build/
gradle/2.1.3/gradle-2.1.3.pom'.
> Could not GET 'https://jcenter.bintray.com/com/android/tools/build/gradle
/2.1.3/gradle-2.1.3.pom'.
> Remote host closed connection during handshake
I was able to add the HTTPS certificate to the keystore for jcenter.bintray.com, but now I am getting a JVM error whenever I start android studio:
Android Studio JVM Error
I have checked my environment variables, tried changing them, and the error persists. My java environment variables are set as follows:
User Variables:
PATH: %JAVA_HOME%\bin
JAVA_HOME: C:\Program Files\Java\jdk1.8.0_101
System Variables:
CLASSPATH: C:\Program Files\Java\jre1.8.0_101
JAVA_HOME: C:\Program Files\Java\jdk1.8.0_101\bin
EDIT:
After setting my Java home path in the gradle.properties file, I am now getting a different error when I attempt to build my project.
Downloading https://services.gradle.org/distributions/gradle-2.14.1-all.zip
Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed
EDIT:
I just wanted to let everyone know that I figured it out! Apparently my parents put some insanely powerful parental control software on my computer a few years ago and I forgot it was there. After uninstalling, Android Studio now works flawlessly. The software basically blocked all unknown traffic coming in and out of most of the ports. Anyway, thank you to everyone for the help. I can finally start developing!
Try setting both http and https as shown below
gradlew -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8144
EDIT1 :
Gradle is trying to download jars from https repo "https://jcenter.bintray.com" but java does not have client certificates. Follow below steps to import client certificates
Step 1 : Download Client Certificate
a) Open https://jcenter.bintray.com URL in the browser (i.e firefox)
b) Click on the lock icon right to the URL bar
c) Server URL is shown , click to get right arrow and then on "more information"
d) Pop-up is opened to view the certificate of the Server.
e) click on the "View Certificate", In "details" table export to a file CERT_FILE_NAME.crt
Step 2 : Import the client certificate to JDK which Gradle is using
keytool -import -noprompt -trustcacerts -alias "clojars.org" -file C:\CERT_FILE_NAME.crt -keystore C:\java\jre\lib\security\cacerts -storepass "changeit"
If you behind a proxy, you must set proxy for Gradle separately because Gradle doesn't use AndroidStudio's proxy settings:
open gradle.properties and add the following lines, change ip addr to your proxy's ip.
systemProp.http.proxyHost=127.0.0.1
systemProp.https.proxyPort=7070
systemProp.https.proxyHost=127.0.0.1
systemProp.http.proxyPort=7070
I just wanted to let everyone know that I figured it out! Apparently my parents put some insanely powerful parental control software on my computer a few years ago and I forgot it was there. After uninstalling, Android Studio now works flawlessly. The software basically blocked all unknown traffic coming in and out of most of the ports. Anyway, thank you to everyone for the help. I can finally start developing!
I met this problem because i was in China. i set a wrong proxy for my AndroidStudio.it works when i delete my proxy in config file gradle.properties located in gradle directory.
Hope this can help you!
systemProp.https.proxyPort=10808
systemProp.http.proxyHost=127.0.0.1
systemProp.https.proxyHost=127.0.0.1
systemProp.http.proxyPort=10808
Comment or delete above lines!
Other than adding the certificate of https://jcenter.bintray.com/ to your key store, can you also check if there is a parent certificate for https://jcenter.bintray.com/. If so, you may need to add that certificate as well in the keystore.
Apologies for yet another "unable to find certificate" question.
I'm developing on a Windows 7 machine. I am using multiple Java versions and because of that am explicit about paths to the used java version (here Java6). I achieve this by the following two lines:
set path=c:\Program Files\Java\jdk1.6.0_45\bin;%path%
set java_home=c:\Program Files\Java\jdk1.6.0_45
I need to use a 3rd party web service https://service.gov/Service.svc?wsdl that provides a certificate.PFX certificate (both service URI and certificate file are renamed as a way to protect the 3rd party's interests). I have made sure that after importing the certificate file in Windows I can open the WSDL file in my browser.
I first import the certificate in my keystore (using Administrator Command Prompt to get access to write in the system folder):
keytool -importkeystore -srckeystore certificate.pfx -srcstoretype pkcs12 -keystore "c:\Program Files\Java\jdk1.6.0_45\jre\lib\security\cacerts"
I get a success notification. Still, I make sure that the new certificate is present in the output of:
keytool -list -keystore "c:\Program Files\Java\jdk1.6.0_45\jre\lib\security\cacerts"
Then I create a new folder containing blank subfolders called src and classes. Once this is done, I run wsimport from that new folder (using Java class instead of binary to make sure I am explicit about the truststore being used):
java -classpath "c:\Program Files\Java\jdk1.6.0_45\lib\tools.jar" -Djavax.net.ssl.trustStore="c:\Program Files\Java\jdk1.6.0_45\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit com.sun.tools.internal.ws.WsImport https://service.gov/Service.svc?wsdl -s src -d classes
The output is the following:
parsing WSDL...
[ERROR] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed to read the WSDL document: https://service.gov/Service.svc?wsdl, because 1) could not find the document; /2) the document could not be read; 3) the root element of the document is not <wsdl:definitions>.
[ERROR] failed.noservice=Could not find wsdl:service in the provided WSDL(s):
At least one WSDL with at least one service definition needs to be provided.
Failed to parse the WSDL.
The WSDL file contains and is used by other organisations, so the problem is pretty certainly not on the 3rd party's side.
Am I missing something? To me it all seems obvious by now, but it still doesn't work. I have also tried this with Java8, and the result is pretty much the same. The only difference is that in Java8, the WsImport class no longer exists, so I am using the wsimport.exe binary.
Thanks in advance for any ideas or hints.
The pfx file (which contains a certificate and also a private key) is for client authentication, while a truststore is for validating the server certificate. It is important to understand the difference between a keystore and a truststore.
You have imported the client certificate (and key) into the default truststore (cacerts). What you should have done instead is:
Import the issuer (CA) of the SSL certificate of the server into cacerts. You can skip this step if the CA certificate is already in cacerts, which is probably the case here.
Use the pfx file as your keystore for client authentication. The easiest way is to convert it to jks: https://stackoverflow.com/a/3054034/2672392 The properties to pass to wsimport are "javax.net.ssl.keyStore" and "javax.net.ssl.keyStorePassword".
See this answer for a list of important SSL properties: https://stackoverflow.com/a/5871352/2672392
I downloaded the current microsoft dynamics crm SDK, and was trying to run the 'Main' class which is in the Walkthrough -> java2crmpack folder. I imported all the classes in eclipse and also generated stubs using wsdl.
So, while running this class I am facing certificate issues as the url is 'https'.
While making an authentication request it uses https://login.microsoftonline.com/RST2.srf url.
As this is a https call, it requires a certificate. In order to make it run, I downloaded the certificate and inserted it in the truststore. The truststore location is provided in eclipse configuration, still the error persists.
Error : "unable to find valid certification path to requested target".
Kindly, help me in resolving this issue
This sort of error i have seen in two scenario's
1. Code unable to locate Truststore properly
2. Truststore does not have valid chain