java - Openshift 部署 F8:无法访问集群以检测模式:sun.security.validator.ValidatorException
问题描述
我正在使用 fabric8 maven deploy 部署示例 springboot 应用程序。构建失败并出现 SSLHandshakeException。
F8: Cannot access cluster for detecting mode: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Failed to execute goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build (default) on project fuse-camel-sb-rest: Execution default of goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build failed: An error has occurred. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build (default) on project fuse-camel-sb-rest: Execution default of goal io.fabric8:fabric8-maven-plugin:3.1.80.redhat-000010:build failed: An error has occurred.
因此,我从 Openshift webconsole 下载了公共证书并将其添加到 JVM 使用
C:\...\jdk.\bin>keytool -import -alias rootcert -file C:\sample\RootCert.cer -keystore cacerts
并收到消息,它已成功添加到密钥库,并且 list 命令显示添加的证书。
C:\...\jdk.\bin>keytool -list -keystore cacerts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
rootcert, May 18, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): XX:XX:XX:..........
但是 mvn:fabric8 deploy 构建仍然失败并出现同样的异常。
有人可以阐明这个问题吗?我错过了什么吗?
解决方案
以下适用于 MacOS:
要安装的证书是在浏览器 URL 栏上找到的证书;
在 Firefox 上(至少)单击 URL 左侧的挂锁,然后继续向下Connection > / More Information / View Certificate / Details,最后Export...允许您在本地保存证书。
在命令行上,确定正在使用哪个 JRE maven:
$ mvn --version
Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe; 2018-06-17T19:33:14+01:00)
Maven home: /Users/.../apache-maven-3.5.4
Java version: 1.8.0_171, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre
Default locale: en_GB, platform encoding: UTF-8
OS name: "mac os x", version: "10.12.6", arch: "x86_64", family: "mac"
您可能需要成为“root”才能更新 cacerts 文件。
$ sudo keytool -import -alias my-openshift-clustername -file /Users/.../downloads/my-cluster-cert.crt -keystore $JAVA_HOME/jre/lib/security/cacerts
Password: {your password for sudo}
Enter keystore password: {JRE cacerts password, default is changeit}
... keytool prints certificate details...
Trust this certificate? [no]: yes
Certificate was added to keystore
验证证书确实添加成功:
$ keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password: changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 106 entries
...other entries, in no particular order...
my-openshift-clustername, 25-Feb-2019, trustedCertEntry,
Certificate fingerprint (SHA1): F4:17:3B:D8:E1:4E:0F:AD:16:D3:FF:0F:22:73:40:AE:A2:67:B2:AB
...other entries...
推荐阅读
- python - 如何在 python 中组织包/模块
- c++ - 特征矩阵切片和数据()
- python - Pygame枪在左侧问题上向上旋转视线
- java - 线程“主”java.lang.IllegalStateException 中的异常:无法转换具有名称的类
- c# - MongoDB 仅限儿童搜索
- java - 将列表推送到新活动的更好方法?
- gitlab - 从 dev [gitlab] 创建一个新分支
- javascript - 也许你只是知道是什么让这个循环上的星号如此之多
- javascript - TestCafe 条件 if else web 元素如果第一个失败,如何继续下一个条件
- tensorflow - Google colab 未在完整数据集下进行训练