Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Maven plugin fails due to mismatching registry certificates despite correct certs
See original GitHub issueWhen using Google’s jib maven plugin to build and push images to OpenShift Online registry, the plugin complains about mismatching certificates:
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <registry.pro-us-east-1.openshift.com> != <*.b9ad.pro-us-east-1.openshiftapps.com> OR <*.b9ad.pro-us-east-1.openshiftapps.com> OR <b9ad.pro-us-east-1.openshiftapps.com>
at org.apache.http.conn.ssl.AbstractVerifier.verify (AbstractVerifier.java:220)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify (BrowserCompatHostnameVerifier.java:54)
at org.apache.http.conn.ssl.AbstractVerifier.verify (AbstractVerifier.java:149)
at org.apache.http.conn.ssl.AbstractVerifier.verify (AbstractVerifier.java:130)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket (SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection (DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open (AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open (AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute (DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute (AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute (AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute (AbstractHttpClient.java:554)
at com.google.api.client.http.apache.ApacheHttpRequest.execute (ApacheHttpRequest.java:65)
at com.google.api.client.http.HttpRequest.execute (HttpRequest.java:981)
at com.google.cloud.tools.jib.http.Connection.send (Connection.java:124)
Steps to Reproduce:
$ wget https://github.com/spring-projects/spring-petclinic/archive/master.zip
$ unzip master
$ cd spring-petclinic-master
$ export PRJ_NAME=testprj
$ oc login ONLINE
$ oc new-project $PRJ_NAME
$ mvn compile com.google.cloud.tools:jib-maven-plugin:0.9.6:build -Dimage=registry.pro-us-east-1.openshift.com/$PRJ_NAME/spring-petclinic
This is while the registry certificates are correct:
curl -v --head https://registry.pro-us-east-1.openshift.com
* Server certificate:
* subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat Inc.; OU=RHC Cloud Operations; CN=*.pro-us-east-1.openshift.com
* start date: May 19 00:00:00 2018 GMT
* expire date: May 23 12:00:00 2019 GMT
* subjectAltName: host "registry.pro-us-east-1.openshift.com" matched cert's "*.pro-us-east-1.openshift.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Problems using Maven and SSL behind proxy - Stack Overflow
Tell Maven to accept the certificate even though it isn't signed. For option 1 you can use the keytool command and follow the...
Read more >Remote repository access through authenticated HTTPS
This document describes how to configure Maven to access a remote repository that sits behind an HTTPS server which requires client authentication with ......
Read more >Unable to find valid certification path to requested target
With this brief background, the error message "unable to find valid certification path to requested target" begins to makes some sense — what...
Read more >Getting SSL cert error trying to install plugins from two different ...
In recent versions of Eclipse, I'm having trouble installing two different plugins. The two plugin names are "Bash Editor" and "Emacs+".
Read more >Solve “unable to find valid certification path to requested target”
The most common situation in which this error is faced is when a package build process tries to access the maven package repository....
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@siamaksade I suspect this was a configuration problem that has since been fixed with OpenShift. I’m able to push an image to a slightly-different OpenShift registry with Jib 0.9.7-SNAPSHOT.
(0.9.6 has authentication bug that affects OpenShift, fixed with #614. You can build from head and use Jib 0.9.7-SNAPSHOT.)
We use the Google HTTP client under the hood which supports voluminous logging with java.util.logging. If you’re still having a problem then please create a
log.propertieswith the following (edited to useCONFIGto avoid including authorization data):and then run your Maven command with:
We do a lot of requests in parallel so the output can be confusing to see; I wonder if we could serialize execution to simplify this.
By background, OpenShift provides a registry as
registry.<location>.openshift.com. In my case, did the following:ca-central-1testprjdocker login -u <login> -p $(oc whoami -t) registry.starter-ca-central-1.openshift.com.registry.starter-ca-central-1.openshift.com/testprj/foowith 0.9.7-SNAPSHOT.@siamaksade Feel free to reopen if the issue persists.