Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLA checker has ssl problems? #92

Closed
adriaanm opened this issue Dec 27, 2018 · 8 comments
Closed

CLA checker has ssl problems? #92

adriaanm opened this issue Dec 27, 2018 · 8 comments

Comments

@adriaanm
Copy link
Contributor

adriaanm commented Dec 27, 2018
edited
Loading 

2018-12-27 17:27:23,003 [ERROR] from spray.can.client.HttpClientConnection in application-akka.actor.default-dispatcher-6 - Aborting encrypted connection to www.lightbend.com/34.238.100.233:443 due to [SSLHandshakeException:General SSLEngine problem] -> [SSLHandshakeException:General SSLEngine problem] -> [ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] -> [SunCertPathBuilderException:unable to find valid certification path to requested target]

It happened when I upgraded that machine, so maybe the JVM was upgraded and cacerts were changed to no longer include what's needed to validate our own cert??

Looks like lightbend.com got a new cert around the time this started failing
@adriaanm adriaanm mentioned this issue Dec 27, 2018
Closed
@edwardcallahan
Copy link

Was this using a SAN on the old cert? That is, www.lightbend.com should validate from a modern JVM, but other SAN hostnames on the cert were dropped from the certificate.

@adriaanm
Copy link
Contributor Author

adriaanm commented Dec 27, 2018
edited
Loading

I have no idea :-/ The error is

Aborting encrypted connection to www.lightbend.com/34.238.100.233:443 due to 
[SSLHandshakeException:General SSLEngine problem] 
-> [SSLHandshakeException:General SSLEngine problem] 
-> [ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] 
-> [SunCertPathBuilderException:unable to find valid certification path to requested target]

(So, it looks like it's just using plain www.lightbend.com as the hostname.)

@adriaanm
Copy link
Contributor Author

I followed https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line and added https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/108/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca. That fixed it.

@edwardcallahan
Copy link

Interesting. So you needed to add the Comodo intermediate. @JustinPihony, did you upload or merge the comodo intermediate? If not, that would seem to be the change/difference. The CA vendor did not change between certs.

@JustinPihony
Copy link

JustinPihony commented Dec 28, 2018 via email

@JustinPihony
Copy link

This has been handled at the server level, so it should work everywhere now. I'm unsure if your workaround will need to be removed or not @adriaanm

@JustinPihony
Copy link

Can this be closed?

@adriaanm
Copy link
Contributor Author

adriaanm commented Jan 8, 2019

Yep

@adriaanm adriaanm closed this as completed Jan 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adriaanm @edwardcallahan @JustinPihony