Hi all,
I updated the certs with new comodo by replacing the .keytool with the new cert, and since I have been getting:
Client error: Invalid request: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have tried to add this to the java in jira.sh command line:
-Dcom.sun.net.ssl.checkRevocation=false
did not help. Also I added the previous keystore to the new one and now it has both the old and new keys in the keystore though:
# keytool -importkeystore -destkeystore .keystore -srckeystore .keystore-2017
Which now shows both with a keytool -list and still I get the same above error.
Argg, I do not like / understand certs
Any help would be truly appreciated,
Robert
The following commands fixed it. from the machine that is running the cli as root:
# openssl s_client -connect jira.verdasys.com:8443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
# keytool -import -alias jira -keystore /usr/java/jre1.8.0_60/lib/security/cacerts -file public.crt
That is if the java for your system is choosing /usr/java/jre1.8.0_60/lib/security/cacerts as it's cert location.
I actually did a
#locate cacerts
which returns 5 choices and did it for every one of them. What is strange is that it is not the same one that was selected when running:
# alternatives --config java
which should show default java location.
Anyhow it worked for me
This could be related to this article.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, that was not it, thanks for the answer though. At least someone is noticing me :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.