Re: certificate on wocommunity.org
- Subject: Re: certificate on wocommunity.org
- From: Samuel Pelletier <email@hidden>
- Date: Fri, 23 Feb 2018 09:38:21 -0500
Hi Maik,
No more complaints from Eclipse.
About compatibility, Let's Encrypt works with Java 7 >= 7u111 and Java 8 >=
8u101 out of the box. For previous versions, the Let's Encrypt root certificate
needs to be added to the Java root store.
Samuel
> On 23 Feb 2018, at 03:28, Maik Musall <email@hidden> wrote:
>
> Hi Samuel,
>
> thanks for noticing. I had set up the scripting to upload the entire chain to
> the load balancer, but apparently it ignores the intermediate in that
> process. So I now set the intermediate in its intermediate store, and it
> seems it's working now.
>
> I also noticed ssllabs complaining about weak DH parameters. Unfortunately I
> can't set those per service, and globally setting DH keys longer than 1024
> would break some sites that rely on connectivity with older clients. But I
> changed the ciphersuites set in favor of ECDHE instead of DHE, which also
> solves this. Java 6 could have a problem with this, but I guess (and hope)
> nobody's still using that to run Eclipse or something.
>
> I also set a CAA DNS record, and now we've got an A rating :)
>
> Can you please check if you can access without problems now?
>
> Thanks
> Maik
>
>
>> On 23 Feb 2018, at 01:38, Samuel Pelletier <email@hidden> wrote:
>>
>> Hi Maik,
>>
>> I think there is a missing chain cert on the server.
>>
>> At least Eclipse update refuses to connect to the update site with this error:
>> Unable to read repository at
>> https://jenkins.wocommunity.org/job/WOLips47/lastSuccessfulBuild/artifact/temp/dist/content.xml.
>> Unable to read repository at
>> https://jenkins.wocommunity.org/job/WOLips47/lastSuccessfulBuild/artifact/temp/dist/content.xml.
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>
>> Checking the ssl config with
>> https://www.ssllabs.com/ssltest/analyze.html?d=jenkins.wocommunity.org
>> reveals that the certificate chain is incomplete.
>>
>> I do not have problems with browsers that either already have it or download
>> it silently but Java does not seem to like this.
>>
>> With apache, the chain is added with a config like this:
>> SSLCertificateChainFile "/[...]/letsencrypt/live/[...]/chain.pem"
>>
>> Samuel
>>
>>
>>
>>> On 21 Feb 2018, at 11:34, Maik Musall <email@hidden> wrote:
>>>
>>> Done.
>>>
>>> Sorry for the delay, it took a while to figure out how to automate this
>>> with our load balancers in front of everything terminating the TLS
>>> connections ;-)
>>>
>>> Maik
>>>
>>>
>>>> On 21 Feb 2018, at 08:23, Maik Musall <email@hidden> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I just noticed that the TLS certificate on wocommunity.org has expired,
>>>> and I thought I already had set up letsencrypt so I ignored the warning
>>>> emails from Comodo. Turns out I had not. So hang on, I will fix this today.
>>>>
>>>> Maik
>>>>
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Webobjects-dev mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden