[jbosstools-issues] [JBoss JIRA] (JBDS-3002) certificate errors in installer

Nick Boldt (JIRA) issues at jboss.org
Mon Apr 7 20:12:13 EDT 2014 

    [ https://issues.jboss.org/browse/JBDS-3002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12959941#comment-12959941 ] 

Nick Boldt edited comment on JBDS-3002 at 4/7/14 8:11 PM:
----------------------------------------------------------

Similar signing/packing issues in JBDS-2977 and JBDS-2978.

This one won't likely be fixed in upstream as WTP 3.5.2 is at end of development.

http://download.eclipse.org/webtools/downloads/ (3.5.2 is the last build)
http://download.eclipse.org/webtools/patches/ (patch for 3.5.2 adds support for JDK 8)

If we wanted to fix this in JBDS 7.1.2 we'd have to unpack, remove signature, & repack all of WTP. I'd rather document the workaround for those few who might hit this problem:

{quote}
The org.eclipse.equinox.p2.engine JAR contained in the jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar has a ECLIPSE_.RSA certificate that is signed by the root CA "GTE CyberTrust Solutions" but that root CA is not present in the openjdk cacerts (via openssl as described above):

{quote}
$openssl pkcs7 -in ECLIPSE_.RSA -print_certs -inform DER
subject=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
issuer=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
-----BEGIN CERTIFICATE-----
{quote}
But

{code}
keytool -list -v -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts | grep GTE
{code}
 produces no results

But I have the GTE root CA cert available in /usr/share/ca-certificates/mozilla/ so the steps to take are (as root)

{code}
cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/
mv cacerts oldcacertsold
cp /etc/ssl/certs/java/cacerts .
keytool -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -importcert -alias GTECyberTrustGlobalRoot -file /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt
{code}

Now running java -jar jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar works without errors.
{quote}
                
      was (Author: nickboldt):
    Smells like the same problem as JBDS-2977 and JBDS-2978.
                  
> certificate errors in installer 
> --------------------------------
>
>                 Key: JBDS-3002
>                 URL: https://issues.jboss.org/browse/JBDS-3002
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: installer, updatesite
>    Affects Versions: 7.1.1.GA
>            Reporter: Max Rydahl Andersen
>
> not sure if installer or updatesite that is root of the problem but seems we got bad nested jars in 7.1.1 somewhere according to https://community.jboss.org/message/866868
> 1. Downloaded jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar
>  
> 2. Ran java -jar jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar stuck to the defaults and clicked thru
>  
> 3. Install failed with an error re certificates not being trusted
>  
> 4. Log message in ~/jbdevstudio/studio/p2/director/configuration/1396752621141.log  as follows:
>  
> !ENTRY org.eclipse.equinox.p2.engine 8 0 2014-04-06 08:21:42.061
> !MESSAGE One or more certificates rejected. Cannot proceed with installation.
> could be an environment specific error - like debian missing a certificate?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbosstools-issues mailing list