Ok, I have a java 6 project , in mac high sierra, project with a mongo dependency.
repositories {
mavenCentral()
}
dependencies {
compile 'org.mongodb:mongo-java-driver:2.14.3'
}
I get an ssl error when building it using gradle as follows:
FAILURE: Build failed with an exception.
What went wrong:
Could not resolve all dependencies for configuration ':runtime'.
Could not resolve org.mongodb:mongo-java-driver:2.14.3.
Required by:
:buildSrc:unspecified
Could not GET 'https://repo1.maven.org/maven2/org/mongodb/mongo-java-driver/2.14.3/mongo-java-driver-2.14.3.pom'.
peer not authenticated
org.gradle.api.artifacts.ResolveException: Could not resolve all dependencies for configuration ':runtime'.
...
Caused by: org.gradle.internal.resource.transport.http.HttpRequestException: Could not GET 'https://repo1.maven.org/maven2/org/mongodb/mongo-java-driver/2.14.3/mongo-java-driver-2.14.3.pom'.
...
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
I tried importing the security certificate into the cacerts but this didn't do it.
#from /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home//lib/security/
openssl s_client -showcerts -connect repo1.maven.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mavencert.pem
# from ~
$JAVA_HOME/bin/keytool -import -alias mavencert -keystore cacerts -file $JAVA_HOME/lib/security/mavencert.pem
# enter password: changeit
Upgrading to a never version of java is not a posiblity.
Please help.
The connection to https://repo1.maven.org using Java 6 fails because of the Java version you have installed does not support TLS1.2 and repo1.maven.org only supports TLS 1.2 connections.
If you really want to continue using Java 6 you need to install Java SE Development Kit 6, Update 111 or newer.
IMHO you should delete Java 6 (it is outdated and insecure) and install a current Oracle Java version. I assume your version is the one provided by Apple - AFAIK Apple has stopped support for their Java version. Therefore you should no longer use it.
Related
While the maven build is successful I am unable to import the dependencies to the project in IntelliJ. Below is the error its showing:
Could not transfer artifact com.sun.activation:jakarta.activation:pom:1.2.1 from/to central (https://XXXXXXXXXXXXXXXX/XXXXXX/XXXXXXXXXXXXXXX): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The server XXXXXXXXXXXXXXXX that you are collecting dependencies from has a self signed certificate so SSL comms cannot be established.
The server certificate needs to be added to java CACERTS. That way your maven will 'trust' the server and allow SSL.
To get the cert from XXXXXXXXXXXXXXXX you do this
You can add the cert to CACERTS with java keytool as follows: (assuming your java is at D:\Java and your cert is in a file called repo.cer
"D:\Java\bin\keytool.exe" -import -alias repo -keystore "D:\Java\jre\lib\security\cacerts" -storepass changeit -file repo.cer
Trust this certificate? [no]: answer is y
Success is indicated with: "Certificate was added to keystore"
Then set this JDK in Settings (Preferences on macOS) | Build, Execution, Deployment | Build Tools | Maven | Importing | JDK for importer in IDE.
I am trying to access a web service which has SSL enabled from stand alone java program . I was able to generate client from WSDL however when i am trying to invoke web service i get SSL handshake issue . Below is java code
TestWebService sh = (TestWebService) shs.getTestWebServiceExportTestWebServiceHttpPort();
BindingProvider port = (BindingProvider)sh;
port.getRequestContext().put(BindingProvider.
ENDPOINT_ADDRESS_PROPERTY, args[0]);
System.out.println( ((BindingProvider)sh).toString() );
The url that is lets say https://service.test.com/sca/TestWebService?wsdl
Below is the error message
Failed to access the WSDL at:
https://service.testwebservice.com/TestWebServiceExport?wsdl. It failed with:
Got com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=Corp Production Root CA V1, O=Cord Inc. is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error while opening stream from https://service.testwebservice.com/TestWebServiceExport?wsdl.
I have installed the ceritificate in IE browser from website but still no luck .
You are on the right track by installing the cert into IE browser - that would allow IE to access the web service without error. However, as your client is Java (and not IE), you need to install the cert into Java.
The Java command for doing this is as follows:
$JAVAHOME/bin/keytool -import -alias service.test.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file ~/certfile.pem
Note: this will install the cert into the default keystore for that Java install. This will affect all Java processes using that JVM. The default password for the keystore is 'changeit'
I can not run the Spring security Kerberos example. I have this error:
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Invalid argument (400) - Cannot find key of appropriate type to
decrypt AP REP - RC4 with HMAC)
Application server: Centos 6, Glassfish V3
DC: Windows 2008 R2 server
Customer: Windows 7
Not sure which versions you are on. I was getting exactly the same error on Kerberos version 1.0.0.M1 over JRE 7 initial version. Update JRE to the latest and update Kerberos to 1.0.0.RELEASE resolved this issue for me.
I had the same error because the keytab file was generated with the wrong /crypto configuration. Generate a new keytab file using /crypto ALL with the ktpass command:
ktpass /out "server.keytab" /crypto ALL /princ HTTP/server#REALM /mapuser KERBEROS_SERVICEUSER /pass PASSWORD /ptype KRB5_NT_PRINCIPAL
Replace HTTP/server#REALM, KERBEROS_SERVICEUSER and PASSWORD with according values.
I've a REST web service using Spring in Java 1.7 running on Tomcat 7. I've self signed cert on my dev machine. When I try to invoke the API using rest client, it gives below error:
peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.wiztools.restclient.HTTPClientRequestExecuter.execute(HTTPClientRequestExecuter.java:387)
at org.wiztools.restclient.ui.RESTViewImpl$2.run(RESTViewImpl.java:320)
Can any one tell me how to get rid of this error without making any java code changes?
Note: I've run below command in my env already:
keytool -genkey -v -keyalg RSA -alias tomcat -keypass 12345 -storepass 12345
It looks like the server is requesting client authetication and you are not send one certificate from the client to the server. Try to run the VM with -Djavax.net.debug=all parameter.
And I don't think it is possible to do that without make changes to your code.
I get this problem if I use the jre 1.6. When I switch to jre 1.7 this problem goes away.
I did with following steps but its throwing exception:
1.I have installed openam 10.0.0 on windows server 2003.
2.Configured tomcat with ssl on the same windows server machine.
3.It is configured correctly and openam url is accessible with https.
4.Installed openam client sdk on another machine which is ubuntu machine and from that ubuntu machin i am trying to login to openam server using
AuthContext lc = new AuthContext("/","https://server.ensarm.com:8443/openam/namingservice");
AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
lc.login(indexType, "DataStore");
return lc;
But i am getting following exception:
ERROR: Naming service connection failed for https://server.ensarm.com:8443/openam/namingservice
com.iplanet.services.comm.client.SendRequestException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I didn't understand what could be the problem.Is it due to to my java keystore (needed for ssl configuration) is on windows server machine and i have no keystore on ubuntu machine,
OR
need to import keystore into ubuntu machine.?? Please can anyone help me to get out of this.
“javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:”
It means the server does not have a valid certificate from an Authorized CA.
You are facing this exception because you are try to connect through SSL (https). You would need to import the server certificate into the JRE KeyStore.
Perform the following steps to resolve it:
Getting the certificate: Type the URL (e.g. https://server.ensarm.com:8443/openam/namingservice) in your browser.
You will now probably see a dialog box warning you about the certificate. Now click on the 'View Certificate' and install the certificate. Ignore any warning messages.
Next step would be to install export the certificate and installing it in the jre keystore. Use keytool certificate management utility to perform thishttp://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html .
Exporting certificate: Go to Tools->'Internet Options' ->Content->Certificates. Once you open the certificates, locate the one you just installed under 'Trusted Root Certification Authorities". Select the right one and click on 'export'. You can now save it (DER encoded binary) as e.g. mycert.cer.
Go to JRE\BIN and use the keytool -import command to import the file into your cacerts keystore.
E.g. keytool --import -alias MYCA -keystore ..\lib\security\cacerts -file c:\mycert.cer.
Enter keystore password: (by default it will be “changeit”).Input “yes” to the prompts.
Run command keytool -list -keystore ..\lib\security\cacerts . You will now see a list of all the certificates including the one you just added.