Updated certs with comodo now cli broken

Robert G. Nadon
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 24, 2018

Hi all,

I updated the certs with new comodo by replacing the .keytool with the new cert, and since I have been getting: 

Client error: Invalid request: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have tried to add this to the java in jira.sh command line: 

-Dcom.sun.net.ssl.checkRevocation=false

did not help.  Also I added the previous keystore to the new one and now it has both the old and new keys in the keystore though:

# keytool -importkeystore -destkeystore .keystore -srckeystore .keystore-2017

Which now shows both with a keytool -list and still I get the same above error.

Argg, I do not like / understand certs

Any help would be truly appreciated,

Robert

2 answers

1 accepted

1 vote
Answer accepted
Robert G. Nadon
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 26, 2018

The following commands fixed it.   from the machine that is running the cli as root:

# openssl s_client -connect jira.verdasys.com:8443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

# keytool -import -alias jira -keystore /usr/java/jre1.8.0_60/lib/security/cacerts -file public.crt

That is if the java for your system is choosing /usr/java/jre1.8.0_60/lib/security/cacerts as it's cert location.

I actually did a 

#locate cacerts

which returns 5 choices and did it for every one of them.    What is strange is that it is not the same one that was selected when running:

# alternatives --config java

 which should show default java location.  

Anyhow it worked for me

1 vote
Sebastian Kleinholz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 24, 2018

This could be related to this article.

Robert G. Nadon
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 26, 2018

No, that was not it, thanks for the answer though.  At least someone is noticing me :)

Suggest an answer

Log in or Sign up to answer