openequella / openEQUELLA-admin-console-package

Project to build a stand-alone admin console (launcher) package

Admin console not recognising Sectigo SSL cert? #110

Closed marcus-leonard closed 1 year ago

marcus-leonard commented 1 year ago

I can't connect to the Equella instance with the Linux admin console 1.1.0 or 1.2.0 (same errors for both versions).

Java CLI output:

...
[SwingWorker-pool-1-thread-1] DEBUG org.apereo.openequella.adminconsole.util.ExecUtils - Exec [/path/to/equella/admin-console-package-for-linux-1.2.0/jdk-11.0.18+10-jre/bin/java, -cp, adminconsole.jar, -Djnlp.ENDPOINT=https://equella.monash.edu/more/, -Dplugin.cache.dir=/home/marcus/openequella-admin-console/ad1cffbf-f90e-4c16-a4db-989ec02e147e/cache, -DSERVER_NAME=Equella (More), com.tle.admin.boot.Bootstrap]
Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.tle.admin.boot.Bootstrap.run(Bootstrap.java:129)
    at com.tle.admin.boot.Bootstrap.main(Bootstrap.java:71)
Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.tle.admin.boot.Bootstrap.login(Bootstrap.java:180)
    at com.tle.admin.boot.Bootstrap.run(Bootstrap.java:112)
    ... 1 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    at com.tle.core.remoting.SessionLogin.postLogin(SessionLogin.java:44)
    at com.tle.admin.boot.Bootstrap.tryLogin(Bootstrap.java:190)
    at com.tle.admin.boot.Bootstrap.login(Bootstrap.java:166)
    ... 2 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at java.base/sun.security.validator.Validator.validate(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 28 more
[SwingWorker-pool-1-thread-1] INFO org.apereo.openequella.adminconsole.util.ExecUtils - Exec finished with status 1

Certificate details:

subject=C = AU, ST = Victoria, O = Monash University, CN = equella.monash.edu
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA

SammyIsConfused commented 1 year ago

Hi there @marcus-leonard,

This seemed to be a hosting issue; it was a problem with the certificate on the server as opposed to a problem with the admin-console-package.

I have confirmed with the hosting team that this problem should now be fixed, and I just tested logging into the Monash server via a fresh copy of the admin-console-package v1.2.0 and I was able to get in. Would you mind trying to log in again?

marcus-leonard commented 1 year ago

Hi @SammyIsConfused,

Yes, working now, thank you. Maybe a cert chain issue? Anyway, all good at this end.

Cheers.
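
Added example (not part of the original thread or the openEQUELLA project): the thread gives the root cause only as "a problem with the certificate on the server", so this reproduces the cause the reporter guessed at, a server that omits its intermediate certificate, using a constructed throwaway CA hierarchy and the `openssl` CLI. The file names, CNs and the helpers `mkcert` and `chain_ok` are assumptions made for the example.

```bash
#!/bin/sh
# Constructed throwaway PKI (root -> intermediate -> leaf); all names are made up.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:repo.example.test\n' > "$WORK/leaf.ext"

# mkcert NAME CN EXTFILE [ISSUER]; without ISSUER the certificate is self-signed.
mkcert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  if [ -z "${4:-}" ]; then
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" \
      -extfile "$WORK/$3" -days 2 -out "$WORK/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
      -CAcreateserial -extfile "$WORK/$3" -days 2 -out "$WORK/$1.pem" 2>/dev/null
  fi
}

# chain_ok TRUSTSTORE LEAF [SENT_INTERMEDIATES]
# Exit 0 when a path from LEAF to a root in TRUSTSTORE can be built using only
# the trust store plus whatever intermediates the server sent with the leaf.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

mkcert root  "Example Root CA"         ca.ext
mkcert inter "Example Intermediate CA" ca.ext   root
mkcert leaf  "repo.example.test"       leaf.ext inter

# Server sends the leaf only: the client cannot find the leaf's issuer.
if chain_ok "$WORK/root.pem" "$WORK/leaf.pem"; then
  echo "leaf only: path built"
else
  echo "leaf only: no path to a trusted root (what Java reports as PKIX path building failed)"
fi
# Server sends leaf + intermediate: the path completes at the trusted root.
if chain_ok "$WORK/root.pem" "$WORK/leaf.pem" "$WORK/inter.pem"; then
  echo "leaf + intermediate: path built"
fi
```

Against a live server, `openssl s_client -connect HOST:443 -showcerts` lists the certificates the server actually sends, which can then be passed to the same check.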