Why does clclient client have different behavior (SSL related) on DO blobs?
On my Ubuntu (16.04) dev. env. I can create a default httpclient and send a request to an https endpoint (like Slack); however, on the prod. env. (DO drops since Ubuntu 14.04) I am getting this error:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edit: still trying to figure it out ... I guess DO blobs with Java (Oracle) installed do not have the same certificates as Ubuntu desktop images. I added the Slack certificate (got it using this tool, InstallCert, mentioned elsewhere on SO) to cacerts (and ran update-ca-certificates) to no avail.

Your Java cacerts may be missing the GeoTrust root.
You can see which certificates are trusted using keytool. For example, for the Oracle JVM:
keytool -list -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
Look for an entry with the correct signature, i.e.:
debian:geotrust_global_ca.pem, 18/05/2015, trustedCertEntry,
Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
If it is not trusted, you can install it by downloading it from:
https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
Install it with
keytool -import -trustcacerts -file GeoTrust_Global_CA.pem -alias GeoTrust_Global_CA -keystore $JAVA_HOME/jre/lib/security/cacerts
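Added example (not part of the original answer): because the same request works on one host and fails on the other, a quick check is to save the keytool -list output from both JVMs and compare fingerprints. The function name missing_in, the file names and the second sample entry are made up for illustration; the GeoTrust entry is the one quoted above.

```shell
# Added example, not from the original answer. Compares two saved
# `keytool -list` outputs and prints the entries the first host trusts but
# the second does not. Both listings must use the same fingerprint algorithm.
missing_in() {
  # $1 = listing from the host where TLS works, $2 = listing from the failing host
  awk '
    # keytool prints "alias, date, trustedCertEntry," then the fingerprint line
    /trustedCertEntry/ { split($0, f, ","); alias = f[1]; next }
    /^Certificate fingerprint/ {
      fp = toupper($NF); gsub(/[:\r]/, "", fp)   # normalise AA:BB -> AABB
      if (FILENAME == ARGV[1]) trusted[fp] = 1   # ARGV[1] is the failing host
      else if (!(fp in trusted)) print fp "\t" alias
    }' "$2" "$1"
}

# Constructed sample listings (hypothetical file names). The GeoTrust entry is
# the one quoted in the answer; the other entry is made up for the demo.
demo() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/dev.txt" <<'EOF'
Keystore type: JKS

debian:geotrust_global_ca.pem, 18/05/2015, trustedCertEntry,
Certificate fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
debian:example_root.pem, 18/05/2015, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
EOF
  cat > "$dir/prod.txt" <<'EOF'
Keystore type: JKS

example_root, 01/02/2016, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
EOF
  missing_in "$dir/dev.txt" "$dir/prod.txt"
  rm -rf "$dir"
}

demo
```

Matching is by fingerprint rather than alias, so a root stored under a different alias on the two hosts is not reported as missing.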