Upsource – PKIX路径SSL证书问题

huangapple go评论73阅读模式
英文:

Upsource - PKIX path SSL certs issue

问题

以下是您要翻译的内容:

我已经被这个问题困扰了几个星期,真的不确定该如何绕过SSL错误来连接Upsource JetBrains工具。我正在按照下面的文档进行操作:

https://upsource-support.jetbrains.com/hc/en-us/articles/206545609-Using-self-signed-certificates-to-connect-to-a-Git-repo

并且添加了以下内容:

sudo Library/java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/bin/keytool -import -alias brinternal1 -keystore /Users/camposf/Documents/upsource-2020.1.1802/bin/upsource.sh -file Library/Java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/lib/security/cacerts

到我的终端(我在使用Mac),但是仍然出现以下消息:

This keystore does not support probing and must be loaded with a specified type

我们之前遇到过SSL和Java的一些问题,由另一名开发人员修复了,但我想知道这是否可能是之前所做的操作与现在之间的某种冲突?

我认为以前可能使用了以下内容,但那也是针对不同的JDK版本:

sudo keytool -import -alias brinternal1 -file bedrock-ca.pem -trustcacerts /Users/camposf/Documents/upsource-2020.1.1802/Library/Java/JavaVirtualMachines/jdk1.8.0_191.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit

我对这种类型的证书工作非常陌生,任何帮助都将不胜感激。

非常感谢。

更新

根据Dave的回答,使用的命令似乎是错误的,路径混淆了。将其更新为以下内容,并获得了确认消息,表示证书已添加到密钥库中。但是,即使重新启动计算机,仍然出现PKIX SSL问题。无论是在本地还是在Docker上都尝试过。

sudo Library/java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/bin/keytool -import -alias brinternal2 -keystore Library/Java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/lib/security/cacerts -file bedrock.cer

Upsource – PKIX路径SSL证书问题

Upsource – PKIX路径SSL证书问题

英文:

I'm stuck on this problem for a few weeks now and really not sure what do to bypass a SSL error to connect to the Upsource Jetbrains tool. I'm following the below documentation

https://upsource-support.jetbrains.com/hc/en-us/articles/206545609-Using-self-signed-certificates-to-connect-to-a-Git-repo

And added

sudo Library/java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/bin/keytool -import -alias brinternal1 -keystore /Users/camposf/Documents/upsource-2020.1.1802/bin/upsource.sh -file Library/Java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/lib/security/cacerts

to my terminal (I'm on a Mac) but this message keeps appearing:

This keystore does not support probing and must be loaded with a specified type

We had some issues with SSL and Java before and they were fixed by another developer but am wondering if this could have been some conflict between what was done back then and now?

This is what I believe it may have been used before but it was also for a different JDK version.

sudo keytool -import -alias brinternal1  -file bedrock-ca.pem -trustcacerts /Users/camposf/Documents/upsource-2020.1.1802/Library/Java/JavaVirtualMachines/jdk1.8.0_191.jdk/Contents/Home/jre/lib/security/cacerts -storepass changeit

I'm very new to this type of certs work and any help is much appreciated.

Thanks very much.

UPDATE

As per Dave's answer, the command used seemed to be wrong having the paths mixed up. Updated it to the below and got a confirmation message saying the certificate has been added to the keystore. However, still getting the PKIX SSL issue even after restarting the computer. Tried both locally and on docker.

sudo Library/java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/bin/keytool -import -alias brinternal2 -keystore Library/Java/JavaVirtualMachines/adopt-openjdk-11.0.7/Contents/Home/lib/security/cacerts -file bedrock.cer

Upsource – PKIX路径SSL证书问题

Upsource – PKIX路径SSL证书问题

答案1

得分: 0

好的,以下是翻译好的部分:

看起来 Upsource 使用他们自己的 JDK。通过输入以下命令找到了这个信息:

/Users/myUser/Documents/upsource-2020.1.1802/bin/upsource.sh java print

所以通过在我的终端中输入以下命令,从证书文件所在的位置解决了这个问题(在我们的情况下是 bedrock.cert):

sudo /Users/myUser/Documents/upsource-2020.1.1802/internal/java/mac-x64/bin/keytool -import -alias brinternal2 -keystore  /Users/camposf/Documents/upsource-2020.1.1802/internal/java/mac-x64/jre/lib/security/cacerts -file bedrock.cer

似乎也可以通过输入以下命令,使 Upsource 指向您自己的本地 JDK:

/Users/myUser/Documents/upsource-2020.1.1802/bin/upsource.sh java set <您首选 JDK 的主目录路径>

其中 <您首选 JDK 的主目录路径> 可以通过使用 echo $JAVA_HOME 命令找到。

不确定更改这个是否是明智的做法。

英文:

It seems Upsource uses their own JDK. Found out about it by typing

/Users/myUser/Documents/upsource-2020.1.1802/bin/upsource.sh java print

So fixed the issue by typing the following command on my terminal from where the certs file was located (bedrock.cert in our case):

sudo /Users/myUser/Documents/upsource-2020.1.1802/internal/java/mac-x64/bin/keytool -import -alias brinternal2 -keystore  /Users/camposf/Documents/upsource-2020.1.1802/internal/java/mac-x64/jre/lib/security/cacerts -file bedrock.cer

It also seems to be possible to have Upsource to point to your own local jdk by typing

/Users/myUser/Documents/upsource-2020.1.1802/bin/upsource.sh java set &lt;home path for your preferred jdk&gt;

where <home for your preferred jdk> can be by found using the echo $JAVA_HOME command.

Not sure how advisable would be to change that though.

huangapple
  • 本文由 发表于 2020年9月26日 21:37:22
  • 转载请务必保留本文链接:https://go.coder-hub.com/64078312.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定