Jicofo throws PKIX Path Not Found using quick install method
After quick install, the jicofo logs show issues with SSL errors. Here’s a brief snippet:
```
Jicofo 2018-03-28 20:59:35.573 WARNING: [63] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
    at java.lang.Thread.run(Thread.java:748)
```
Throwing in `-Djavax.net.debug=SSL` to `JAVA_SYS_PROPS=` in `/etc/jitsi/jicofo/config`, I get this:
```
***
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
Smack Packet Reader (0), SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
Smack Packet Reader (0), WRITE: TLSv1.2 Alert, length = 2
Smack Packet Reader (0), called closeSocket()
Smack Packet Reader (0), handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Jicofo 2018-03-28 21:03:34.846 SEVERE: [25] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to connect/login: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
    at java.lang.Thread.run(Thread.java:748)
```
On the surface, everything in Jitsi works. Chat, video, and audio all work; however, it seems to be giving me issues with integrating with etherpad. I can’t get the etherpad icon to appear even though nginx and hitting the etherpad endpoint directly work.
Issue Analytics
- State:
- Created 5 years ago
- Comments:13 (5 by maintainers)
Top GitHub Comments
There is a workaround which was recently added to jicofo, to skip these checks, if you are comfortable with that. You need to add to `/etc/jitsi/jicofo/sip-communicator.properties`:

```
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
```

This is in jicofo build 395 and greater.
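An audit check for the setting named in the comment above, as an added example that is not part of the original thread or of jicofo: it reports whether a properties file leaves the certificate-check bypass switched on. The function name, the Java `.properties` parsing rules and the treatment of any value other than `true` as "checks on" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not jicofo code): report whether the certificate-check
# bypass from the comment above is enabled in a jicofo properties file.
# Assumptions: Java .properties syntax (comment lines start with # or !,
# key and value are separated by =, : or whitespace, the last assignment
# wins) and only the value "true" (any case) turns the bypass on.
# Trailing whitespace is trimmed, so the check errs toward "enabled".

JICOFO_PROPS_DEFAULT=/etc/jitsi/jicofo/sip-communicator.properties
TRUST_KEY=org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED

# Usage: jicofo_trust_mode [file]
# Prints one of: enabled, disabled, unset, unreadable.
jicofo_trust_mode() {
    file=${1:-$JICOFO_PROPS_DEFAULT}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk -v key="$TRUST_KEY" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # leading whitespace is ignored
            if (index(line, key) != 1) next    # line must start with the key
            rest = substr(line, length(key) + 1)
            # reject longer keys that merely share this prefix
            if (rest != "" && rest !~ /^[ \t=:]/) next
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)  # drop the separator
            sub(/[ \t\r]+$/, "", rest)           # drop trailing blanks and CR
            state = (tolower(rest) == "true") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$file"
}
```

A result of `enabled` means jicofo on that host is running with the PKIX checks skipped, which is worth tracking until the trust store is fixed and the line removed.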
I found another corner case. If you are on a recent Debian system and you installed Java 8 HotSpot from adoptjdk, then the JRE keystore is not managed by Debian ca-certificates. In order to make it work the Debian way, issue these commands: