Closed jfly closed 7 years ago
Here's what I see for our certificate currently:
C:\Users\Jeremy Fleischman\Downloads>openssl s_client -connect www.worldcubeassociation.org:443
Loading 'screen' into random state - done
CONNECTED(000001DC)
depth=2 /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/CN=worldcubeassociation.org
i:/C=CN/O=WoSign CA Limited/CN=WoSign CA Free SSL Certificate G2
1 s:/C=CN/O=WoSign CA Limited/CN=WoSign CA Free SSL Certificate G2
i:/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
2 s:/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
...
After reading http://iam-jla.blogspot.com/2015/04/startssl-in-java.html, it sounds like Java doesn't include the StartCom/StartSSL root certificate in the cacerts file, so even though a web browser like Chrome will trust a certificate from StartSSL, Java will not.
I followed the instructions on https://github.com/haron/startssl-java to install the StartCom root certificate on Windows, and I can verify that the workbook assistant is working for me again.
I suspect this will be a problem for TNoodle when it hits the WCA website to check if you're using the latest version of TNoodle.
I just verified that on Windows 10 without the StartSSL root certificate installed, I see the same problem with TNoodle when hitting http://localhost:2014/version.json:
I'm reporting this because I was trying to help Gianluca generate the results for the Rome Summer Open.
Neither he nor I can download the database. We are both using Windows 10. Also, I'm using Java 1.8.0_101:
C:\Users\Matteo Colombo\Desktop\Cubo\WCA>java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
Thanks for commenting, @MatteoColombo. The software team agreed that we should switch to a non-StartSSL certificate, but we haven't found anyone to actually do the work yet.
Closing this as we're no longer using StartSSL.
On Windows 10, with Java 1.8.0_45, I get a
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
when the WA attempts to update its database export.
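
One way to see which issuers from the chain in this thread a given JRE treats as trust anchors, as an added example that is not part of the original thread or of the WCA or TNoodle code. The class and method names are hypothetical; the issuer names are the ones from the `openssl s_client` output above, rewritten into RFC 2253 order.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorCheck { // hypothetical name, not project code
    // Issuer DNs from the chain in this thread, leaf's issuer first.
    static final String[] CHAIN_ISSUERS = {
        "CN=WoSign CA Free SSL Certificate G2, O=WoSign CA Limited, C=CN",
        "CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN",
        "CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL"
    };

    // Subject names of every CA certificate this JRE trusts by default.
    static Set<X500Principal> defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // null selects the default store: javax.net.ssl.trustStore if set,
        // otherwise jssecacerts or cacerts under the JRE's lib/security.
        tmf.init((KeyStore) null);
        Set<X500Principal> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(ca.getSubjectX500Principal());
                }
            }
        }
        return anchors;
    }

    // Maps each issuer DN to whether a trust anchor with that subject exists.
    // A name match is necessary but not sufficient: the path validator also
    // verifies the signature against the anchor's public key.
    static Map<String, Boolean> check(String[] issuers, Set<X500Principal> anchors) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String dn : issuers) {
            result.put(dn, anchors.contains(new X500Principal(dn)));
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        check(CHAIN_ISSUERS, defaultAnchors()).forEach((dn, ok) ->
            System.out.println((ok ? "anchor present: " : "no anchor:      ") + dn));
    }
}
```

If every line reports `no anchor`, the JRE has nothing to terminate the chain at, which is the condition that produces the `PKIX path building failed` exception quoted above.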