Open davidhcar opened 10 months ago
@anthonysena @chrisknoll Any idea? It looks like the maven ohdsi repo certificate store is unable to to trust to bring the certificate to local java certificate store at this path, '/etc/ssl/certs/java/cacerts'
Appreciate your responses. Thank you!
Would need @alondhe to chime in.
@alondhe Appreciate your insights, on what might have changed.
From discussion on the Atlas WG, we had noted that there is a recent change to Broadsea that might be helpful: https://github.com/OHDSI/Broadsea/commit/1aad75b649c8bf25ebe9fd750b4589caab4966b2
Sorry for the delay, December was crazy. In Broadsea develop branch, we have made changes to how to use cacerts files:
We don't have coverage of how to generate your cacerts file, but you can find that in many articles online. Generate it (or copy it) on a system in your network that has the proper trusts and then point to it using env variable WEBAPI_CACERTS_FILE.
Expected behavior
Set up maven with ca-certificates-java by bringing maven certificate to the local java certificate store at '/etc/ssl/certs/java/cacerts' Never experienced this error before with the docker build.
Thank you in advance!!
Actual behavior
Setting up ca-certificates-java (20190405) ... 59.29 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory 59.53 Exception in thread "main" java.lang.InternalError: Error loading java.security file 59.53 at java.base/java.security.Security.initialize(Security.java:94) 59.53 at java.base/java.security.Security$1.run(Security.java:79) 59.53 at java.base/java.security.Security$1.run(Security.java:77) 59.53 at java.base/java.security.AccessController.doPrivileged(Native Method) 59.53 at java.base/java.security.Security.(Security.java:77)
59.53 at java.base/sun.security.jca.ProviderList.(ProviderList.java:176)
59.53 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
59.53 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:92)
59.53 at java.base/java.security.AccessController.doPrivileged(Native Method)
59.53 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:91)
59.53 at java.base/sun.security.jca.Providers.(Providers.java:54)
59.53 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
59.53 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
59.53 at org.debian.security.KeyStoreHandler.(KeyStoreHandler.java:50)
59.53 at org.debian.security.UpdateCertificates.(UpdateCertificates.java:65)
59.53 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
59.54 dpkg: error processing package ca-certificates-java (--configure):
59.54 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
59.54 Setting up default-jre-headless (2:1.11-71) ...
59.58 dpkg: dependency problems prevent configuration of openjdk-11-jre-headless:amd64:
59.58 openjdk-11-jre-headless:amd64 depends on ca-certificates-java (>= 20190405~); however:
59.58 Package ca-certificates-java is not configured yet.
Steps to reproduce behavior
Build WebAPI 2.13 release with Docker image