This repository has been archived by the owner on May 30, 2024. It is now read-only.

Setting Trust Store location in JAVA_OPTS causes LD SDK to fail #124

Closed
ghost opened this issue Apr 3, 2018 · 2 comments

ghost commented Apr 3, 2018

Hello,

When referencing our own trustStore location, -Djavax.net.ssl.trustStore=/path/to/our/certs/cacerts.jks, the LD SDK throws the following error:

com.launchdarkly.client.StreamProcessor [] - Encountered EventSource error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there a way to set the cert location for the SDK? Or is there somewhere we can get the LD cert to add it ourselves?

Thank you,
Travis Meares

@eli-darkly
Contributor

Hi - I'm sorry we didn't respond to this issue sooner. You may have already figured it out since then, but if not:

  1. What you need is not the LaunchDarkly certificate itself, but the CA certificates that it depends on. There are several ways to get these:
  • In Linux, type openssl s_client -connect app.launchdarkly.com:443 -showcerts. You will get a lot of output. Look for the phrase "CN=GlobalSign CloudSSL CA - SHA256 - G3". Directly below that is a certificate; copy everything from "-----BEGIN CERTIFICATE-----" up to and including "-----END CERTIFICATE-----". Paste it into a text editor and save it to a file. Then do the same thing for "CN=GlobalSign Root CA".
  • In Chrome on a Mac, navigate to app.launchdarkly.com, then click the padlock icon next to the URL and choose "Certificate". You'll get a pop-up window with a list of three items (on Windows, you'll need to go to the Certification Path tab to see these items). Click on "GlobalSign CloudSSL CA - SHA256 - G3"; then click on the large icon in the lower panel and drag it to your desktop. This will create a .cer file containing the certificate. Do the same for "GlobalSign Root CA".
  • In Chrome on Windows, navigate to app.launchdarkly.com, then click the padlock icon next to the URL and choose "Certificate". You'll get a pop-up window with tabs; go to the "Certification Path" tab and you'll see two items. Click on "GlobalSign CloudSSL CA - SHA256 - G3", then click "View Certificate". Click "Details", then "Copy to File..." and specify a filename. Repeat all this for "GlobalSign Root CA".
  2. Now, for each of the two certificate files, run this command:
$JAVA_HOME/bin/keytool -import -trustcacerts -alias "<some short name for certificate>" -file /path/to/cert/file -keystore /path/to/cacerts.jks
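
The extract-and-import steps described in the comment above can be scripted. The following is an added example, not part of the original thread or the LaunchDarkly SDK: `split_chain` writes each chain certificate from `openssl s_client -showcerts` output to its own PEM file, and `import_cas` passes the CA certificates to the `keytool` command quoted above. The function names, the `cert-N.pem` file names, the `ld-chain-N` alias and the sample output are assumptions made for the example.

```shell
# Constructed sample of `openssl s_client -showcerts` output (PEM bodies are fake).
sample_s_client_output() {
  cat <<'EOF'
Certificate chain
 0 s:/C=US/O=Example/CN=leaf.example.test
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign CloudSSL CA - SHA256 - G3
-----BEGIN CERTIFICATE-----
AAAAleafCONSTRUCTED
-----END CERTIFICATE-----
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign CloudSSL CA - SHA256 - G3
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
AAAAintermediateCONSTRUCTED
-----END CERTIFICATE-----
Server certificate
-----BEGIN CERTIFICATE-----
AAAAleafCONSTRUCTED
-----END CERTIFICATE-----
EOF
}

# split_chain OUTDIR: read s_client output on stdin, write OUTDIR/cert-N.pem per chain
# entry N (0 = server's own cert), print "N<TAB>subject". The repeated leaf is skipped.
split_chain() {
  mkdir -p "$1"
  awk -v dir="$1" '
    /^ *[0-9]+ s:/ { idx = $1; subj = $0; sub(/^ *[0-9]+ s:/, "", subj); have = 1 }
    /^-----BEGIN CERTIFICATE-----/ && have { file = dir "/cert-" idx ".pem"; inpem = 1 }
    inpem { print > file }
    /^-----END CERTIFICATE-----/ && inpem { inpem = 0; have = 0; close(file); print idx "\t" subj }
  '
}

# import_cas OUTDIR KEYSTORE: import the CA certificates (index >= 1) with the
# keytool command from the comment above. The alias prefix is a made-up name.
import_cas() {
  for f in "$1"/cert-*.pem; do
    [ -f "$f" ] || continue
    n=${f##*/cert-}; n=${n%.pem}
    [ "$n" -ge 1 ] || continue
    # Show the fingerprint so it can be checked against an independent source.
    openssl x509 -in "$f" -noout -subject -fingerprint -sha256
    "$JAVA_HOME/bin/keytool" -import -trustcacerts -alias "ld-chain-$n" \
      -file "$f" -keystore "$2"
  done
}
```

For real use, pipe `openssl s_client -connect app.launchdarkly.com:443 -showcerts </dev/null` into `split_chain ./chain`, then run `import_cas ./chain /path/to/cacerts.jks`. Because these certificates arrive over the very connection being trusted, compare the printed SHA-256 fingerprints with values obtained independently before importing.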

@eli-darkly
Contributor

I'll close this issue for now, but please feel free to reopen it if you have any further problems.
