Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-1863

Fix the yearly certificate problem, late 2018 edition

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We need new certs for update center (inline in trusted.ci job) and crawler (secret text credential on trusted.ci) due to:

      Exception in thread "main" java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 15 16:54:02 UTC 2018

      (With 1 month grace period)

        Attachments

          Activity

          Hide
          danielbeck Daniel Beck added a comment -

          Past occurrences for context:

          Show
          danielbeck Daniel Beck added a comment - Past occurrences for context: Early 2015: INFRA-219 Early 2017: INFRA-1024 Late 2017: INFRA-1428
          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          New key and certificate deployed. UC gen is back to blue.

          Show
          kohsuke Kohsuke Kawaguchi added a comment - New key and certificate deployed. UC gen is back to blue.
          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          crawler is back to blue, too

          Show
          kohsuke Kohsuke Kawaguchi added a comment - crawler is back to blue, too
          Hide
          shamil Alex Simenduev added a comment - - edited

          I'm started to get this error since 15th of Decmber

           

          WARNING: signature check failed for http://updates.jenkins-ci.org/updates/hudson.tools.JDKInstaller.json
          ERROR: Signature verification failed in downloadable &#039;hudson.tools.JDKInstaller&#039; <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 15 16:54:02 GMT 2018<br> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)<br> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)<br> at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)<br> at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)<br> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)<br>Caused: java.security.cert.CertPathValidatorException: validity check failed<br> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)<br> at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)<br> at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)<br> at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)<br> at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)<br> at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)<br> at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:85)<br> at hudson.model.DownloadService$Downloadable.updateNow(DownloadService.java:416)<br> at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:121)<br> at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:101)<br> at java.lang.Thread.run(Thread.java:748)<br></pre> 

          I'm running latest docker image (jenkins/jenkins:lts-alpine) Jenkins ver. 2.150.1

          Show
          shamil Alex Simenduev added a comment - - edited I'm started to get this error since 15th of Decmber   WARNING: signature check failed for http: //updates.jenkins-ci.org/updates/hudson.tools.JDKInstaller.json ERROR: Signature verification failed in downloadable &#039;hudson.tools.JDKInstaller&#039; <a href= '#' class= 'showDetails' >(show details)</a><pre style= 'display:none' >java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 15 16:54:02 GMT 2018<br> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)<br> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)<br> at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)<br> at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)<br> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)<br>Caused: java.security.cert.CertPathValidatorException: validity check failed<br> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)<br> at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)<br> at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)<br> at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)<br> at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)<br> at org.jvnet.hudson.crypto.CertificateUtil.validatePath(CertificateUtil.java:93)<br> at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:85)<br> at hudson.model.DownloadService$Downloadable.updateNow(DownloadService.java:416)<br> at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:121)<br> at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:101)<br> at java.lang. Thread .run( Thread .java:748)<br></pre>  I'm running latest docker image (jenkins/jenkins:lts-alpine)  Jenkins ver. 2.150.1
          Hide
          danielbeck Daniel Beck added a comment -

          Issue in the previous comment is filed as INFRA-1944.

          Show
          danielbeck Daniel Beck added a comment - Issue in the previous comment is filed as INFRA-1944 .
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          To follow-up on the ping by Daniel Beck in the private channel, I will be available tomorrow after 9AM UTC if any of my credentials are needed to get it fixed. If not, please contact Mark Waite who might be able to provide some assistance 

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - To follow-up on the ping by Daniel Beck in the private channel, I will be available tomorrow after 9AM UTC if any of my credentials are needed to get it fixed. If not, please contact Mark Waite who might be able to provide some assistance   

            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            danielbeck Daniel Beck
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: