Jenkins svn collabnet build failure - ssl

I am getting the below build error:
[ERROR] The svn blame command [svn blame --xml --non-interactive -x -w xxxxx.java] failed: svn: E230001: Unable to connect to a repository at URL 'xxx-xxxx.java'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
I am using Subversion Edge by CollabNet with Jenkins to run the build. Could you please help me out?

Here is the wording of the error message:
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
The error you are getting, "Server SSL certificate verification failed: issuer is not trusted", means that there is a problem with the certificate installed on the SVN Edge server. The client does not trust the certificate and displays the error. Therefore, you should look into the certificate-related problems on the CollabNet Subversion Edge server.
The only possible way to ignore the error is to use the --trust-server-cert command-line option. You also have to add the --non-interactive option because your CI machine runs the Subversion client non-interactively.
If you use a Subversion 1.9 client, you can also use the --trust-server-cert-failures option, which is intended to ignore a wider range of invalid certificates than --trust-server-cert, which can only ignore certificates issued by an unknown or not trusted certificate authority.

Atlassian Bitbucket (Stash) SSL certificate renewal

So we have a self-hosted version of Atlassian BitBucket running on an Ubuntu server which holds the code repository. We use an SSL certificate from DigiCert. Every year we renew the certificate, which has never caused issues. However, this time most of the developers are getting the following error when pushing and pulling code from Git after the certificate was renewed:
fatal: unable to access : SSL certificate problem: unable to get local issuer certificate
Another error:
fatal: unable to access : Peer's Certificate issuer is not recognized.
However, when we try to access the website using Chrome (or any other browser), it works fine and there is no error.
All searches online point to this error when you're using a self-signed or internal PKI certificate. We are totally stumped on why a certificate issued by a public authority like DigiCert is getting this error.
Any help on this would be highly appreciated.
Ensure the root cert is added to git.exe's certificate store as discussed here.
Tell Git where to find the CA bundle by running:
git config --system http.sslCAPath /absolute/path/to/git/certificates
or copying the CA bundle to the /bin directory and adding the following to the gitconfig file:
[http]
    sslCAinfo = /bin/curl-ca-bundle.crt
Reinstalling Git.
Ensuring that the complete CA is present, including the root cert.
Check www.atlassian.com for resolutions to more SSL errors.
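
Added example (not part of the original thread or of Atlassian's documentation): the "complete CA" point above, reproduced offline with a throwaway root, intermediate and server certificate. When only the server certificate is presented, OpenSSL reports the same "unable to get local issuer certificate" error quoted in the question even though the root is trusted. The CA names, git.example.test and the function names are made up, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Every name here (Demo Root CA, git.example.test) is made up for the example.
build_demo_pki() {
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:git.example.test
EOF
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/pki.cnf" \
        -extensions ca_ext -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
    # Intermediate signed by the root, then the server cert signed by it.
    sign_cert "$1" int  "Demo Intermediate CA" root ca_ext   || return 1
    sign_cert "$1" leaf "git.example.test"     int  leaf_ext || return 1
}

# sign_cert DIR NAME CN ISSUER EXT_SECTION: new key and CSR, signed by ISSUER.
sign_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -set_serial 1 -days 2 -extfile "$1/pki.cnf" -extensions "$5" \
        -out "$1/$2.crt" 2>/dev/null
}

# Client view when the server sends only its own certificate.
verify_leaf_only() { openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" 2>&1; }
# Client view when the server also sends the intermediate.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/leaf.crt" 2>&1
}

demo=$(mktemp -d)
build_demo_pki "$demo" || { echo "openssl failed" >&2; exit 1; }
echo "leaf only:         $(verify_leaf_only "$demo")"
echo "with intermediate: $(verify_with_intermediate "$demo")"
rm -rf "$demo"
```

Browsers can often fetch or reuse a missing intermediate on their own, which is one way a site can look fine in Chrome while Git fails.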

SSL certificate issues when communicating with Ably

I'm on a Windows system and when I try connecting to Ably, I'm getting the following error(s):
cURL error: SSL certificate problem: self signed certificate in certificate chain
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
What am I doing wrong?
This error is caused by out of date root certificates on your server or local machine. In order to fix this problem, follow the instructions from one of the related issues:
PHP SSL certificate problem
Ruby certificate verify failed

OpenStack CLI Failed SSL Verification

When executing an openstack command, it is failing to verify a certificate that was signed by an internal CA.
CentOS 7
Root CA installed in /etc/pki/ca-trust/source/anchors
openstack 3.3.0
$ openstack server list
Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://XXXXX :13000/v2.0/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
I hit the url from a browser and downloaded the certificate. Then ran openssl verify successfully.
$ openssl verify -CAfile /etc/ssl/certs/ca-bundle.trust.crt 10.92.50.11.crt
10.92.50.11.crt: OK
Does the root CA need to be placed in another area for the command line to pick it up?
Explicitly pointing at the CA certificate by setting OS_CACERT did the trick. Other people in my environment didn't have to do this. I'm not sure why it was necessary, but that's what fixed my issue.
export OS_CACERT=/path/to/ca.crt
Reference: http://docs.openstack.org/user-guide/common/cli-set-environment-variables-using-openstack-rc.html

Homebrew install MongoDB fails

I have an issue installing MongoDB via Homebrew (new MacBook Pro, OS X 10.10.2, fresh installation). Apparently, every other package that I try to install (for example wget) is throwing these errors, but the packages are correctly installed. Unfortunately, the installation of brew install mongodb fails with the following error:
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/mongodb-2.6.7.yosemite.bottle.tar.gz
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Error: Failed to download resource "mongodb"
Download failed: https://downloads.sf.net/project/machomebrew/Bottles/mongodb-2.6.7.yosemite.bottle.tar.gz
Warning: Bottle installation failed: building from source.
==> Installing mongodb dependency: scons
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/scons-2.3.4.yosemite.bottle.1.tar.gz
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Error: Failed to download resource "scons"
Download failed: https://downloads.sf.net/project/machomebrew/Bottles/scons-2.3.4.yosemite.bottle.1.tar.gz
Warning: Bottle installation failed: building from source.
==> Downloading https://downloads.sourceforge.net/scons/scons-2.3.4.tar.gz
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Error: Failed to download resource "scons"
Download failed: https://downloads.sourceforge.net/scons/scons-2.3.4.tar.gz
I also found this thread, How to fix curl: (60) SSL certificate: Invalid certificate chain, where I added the certificate for downloads.sf.net and downloads.sourceforge.net (both use *.cloudfront.net as their certificate, and therefore you get a domain mismatch) via Safari to "Always trust". After this, the installation fails with a SHA1 mismatch (and I also ran brew cleanup -s to clean up the old cached packages):
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/mongodb-2.6.7.yosemite.bottle.tar.gz
######################################################################## 100.0%
Error: SHA1 mismatch
Expected: 4b1749b645a744b38b4959daac46bf80353e3b32
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/mongodb-2.6.7.yosemite.bottle.tar.gz
To retry an incomplete download, remove the file above.
Warning: Bottle installation failed: building from source.
==> Installing mongodb dependency: scons
==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/scons-2.3.4.yosemite.bottle.1.tar.gz
######################################################################## 100.0%
Error: SHA1 mismatch
Expected: 819d08b7e8c1ba2451db6d7d848f689b108b40aa
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/scons-2.3.4.yosemite.bottle.1.tar.gz
To retry an incomplete download, remove the file above.
Warning: Bottle installation failed: building from source.
==> Downloading https://downloads.sourceforge.net/scons/scons-2.3.4.tar.gz
######################################################################## 100.0%
Error: SHA1 mismatch
Expected: 8c55f8c15221c1b3536a041d46056ddd7fa2d23a
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/scons-2.3.4.tar.gz
To retry an incomplete download, remove the file above.
I also found this GitHub issue https://github.com/Homebrew/homebrew/issues/28844, but I don't have any expired certificates in my keychain. Any help is appreciated!
I've just had the same issue. It appears to be temporary, as the SourceForge website is partially down.
The sourceforge.net website is temporarily in static offline mode.
Only a very limited set of project pages are available until the main website returns to service.
I imagine the issue will be resolved shortly and you will be able to retry in a couple of hours. There may be updates posted to https://twitter.com/sfnet_ops although there isn't currently any information on this particular outage.
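
Added example (not from the original thread): all three "Actual" digests in the log above are identical, which means the same bytes were returned for three different URLs, consistent with a placeholder page being served instead of the real archives. The function names are made up for this example, and the input is the Expected/Actual/Archive lines copied from the log above.

```shell
#!/bin/sh
# Constructed input: the three SHA1-mismatch records from the Homebrew log
# above, reduced to their Expected/Actual/Archive lines.
sample_log() {
cat <<'EOF'
Expected: 4b1749b645a744b38b4959daac46bf80353e3b32
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/mongodb-2.6.7.yosemite.bottle.tar.gz
Expected: 819d08b7e8c1ba2451db6d7d848f689b108b40aa
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/scons-2.3.4.yosemite.bottle.1.tar.gz
Expected: 8c55f8c15221c1b3536a041d46056ddd7fa2d23a
Actual: a2fd3379ea944f6b2f97fb0f79b7b85cb3e14d0b
Archive: /Library/Caches/Homebrew/scons-2.3.4.tar.gz
EOF
}

# Reads brew output on stdin and prints one line for every Actual digest
# that was recorded for more than one archive:
#   <digest> <count> <archive,archive,...>
# Different files sharing one digest means the server returned the same
# body for each request, so the downloads are not the files that were asked for.
shared_actual_digests() {
    awk '
        $1 == "Actual:"  { actual = $2 }
        $1 == "Archive:" && actual != "" {
            n[actual]++
            files[actual] = files[actual] (files[actual] ? "," : "") $2
            actual = ""
        }
        END { for (h in n) if (n[h] > 1) print h, n[h], files[h] }
    '
}

sample_log | shared_actual_digests
```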

Unable to proxy Maven repo over https/ssl with Nexus

I followed the instructions given on this page to import the server certificate.
When I use keytool -list, I can see that the certificate is actually in the keystore. If I try to import the .crt file, keytool warns me that the keystore already contains the certificate.
Then I updated wrapper.conf with the two ssl options. I can see them on the command line of the Nexus process after a restart.
But when I try to add a proxy repo for the remote server, I always get sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What did I miss?
You have to import the custom CA certificate into the 'trustStore' and not into the 'keyStore'.
The procedure for creating a 'trustStore' is the same as the one for the 'keyStore'.
Once you have your *.jks file then link it using the following system properties:
javax.net.ssl.trustStore=<file>
javax.net.ssl.trustStorePassword=<password>
The error message means the JVM cannot properly authenticate the remote server's SSL cert. Very common if the remote server is using a self-signed cert instead of one signed by an official certificate authority (like VeriSign).
Your message is confusing. You've enabled SSL on your Nexus instance, however you talk about a proxy repo implying the problem SSL cert might be on another server.