ignore ssl certificate

3,166 views
Skip to first unread message

Lukas Rytz

unread,
Sep 14, 2012, 3:42:40 AM9/14/12
to simple-b...@googlegroups.com
Hi,

one of the coursera students asks the following:

Is there a way to persuade sbt/javax.net to ignore the SSL certificate?

I'm behind a firewall that rewrites certificates, and get the following error:

> submit asd@sdf xyz
[info] Connecting to coursera. Obtaining challenge...
[error] Connection failed
[error] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Any advice on how I could work around this?

Something like the git GIT_SSL_NO_VERIFY environment variable, or the wget --no-check-certificate flag would be the most straightforward.

Thanks.

Mark Harrah

unread,
Sep 15, 2012, 8:55:31 AM9/15/12
to simple-b...@googlegroups.com
On Fri, 14 Sep 2012 00:42:40 -0700 (PDT)
Lukas Rytz <rytz...@gmail.com> wrote:

> Hi,
>
> one of the coursera students asks the following:
>
> Is there a way to persuade sbt/javax.net to ignore the SSL certificate?
>
> I'm behind a firewall that rewrites certificates, and get the following
> error:
>
> > submit asd@sdf xyz
> [info] Connecting to coursera. Obtaining challenge...
> [error] Connection failed
> [error] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>
> Any advice on how I could work around this?

Not sure, sorry. There doesn't appear to be a system property that affects this.

-Mark

> Something like the git GIT_SSL_NO_VERIFY environment variable, or the wget
> --no-check-certificate flag would be the most straightforward.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups "simple-build-tool" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/simple-build-tool/-/W5GkI98PrFcJ.
> To post to this group, send email to simple-b...@googlegroups.com.
> To unsubscribe from this group, send email to simple-build-t...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/simple-build-tool?hl=en.
>

Robin Green

unread,
Sep 17, 2012, 5:15:29 AM9/17/12
to simple-b...@googlegroups.com
I would like to understand this problem better. Is there any industry standard for rewriting certs in use here, and is there a recommended canonical way of dealing with this problem?

I guess I don't understand why you would use SSL if you don't have authentication of the other party. It seems pointless.

Josh Suereth

unread,
Sep 17, 2012, 6:59:00 AM9/17/12
to simple-b...@googlegroups.com

Three things that are usually the cause for SSL issues:

First, SSL has paid companies doing certificate authentication.   When I set up my personal computer,  I could get a CA to validate my ssl key, but it's a waste of my money just for internal resources.  

Also, SSL certs are tied to domains.   So, websites have to be aware of DNS routing tricks and return the right cert.   Sometimes this could mean multiple SSL certs for one site, or misconfigured sites.

Finally, when an SSL cert expires you have to renew, and this seems to be a big source of errors as well.

--
You received this message because you are subscribed to the Google Groups "simple-build-tool" group.
To view this discussion on the web visit https://groups.google.com/d/msg/simple-build-tool/-/s7iTzZQWNgMJ.

brien colwell

unread,
Nov 21, 2013, 4:20:03 AM11/21/13
to simple-b...@googlegroups.com
I've found that using Java 1.7 solves the issue. From the command line, before running sbt, switch to Java 7:

export JAVA_HOME=`/usr/libexec/java_home -v 1.7`

Sambit Tripathy

unread,
Sep 24, 2014, 6:42:18 PM9/24/14
to simple-b...@googlegroups.com
@Brien: I switched the java home to 1.7, yet no luck. Did you get the root cause of this issue?

Paul Phillips

unread,
Sep 15, 2012, 12:57:57 PM9/15/12
to simple-b...@googlegroups.com


On Fri, Sep 14, 2012 at 12:42 AM, Lukas Rytz <rytz...@gmail.com> wrote:

Any advice on how I could work around this?

Something like the git GIT_SSL_NO_VERIFY environment variable, or the wget --no-check-certificate flag would be the most straightforward.

It's not going to match those in straightforwardness, but if it's any use:


Reply all
Reply to author
Forward
0 new messages