[SAC] 'peer not authenticated' error when trying to use repo.osgeo.org

Regina Obe lr at pcorp.us
Wed Dec 8 17:11:26 PST 2021 

Ah I just noticed that article I linked to has a section on Java.  Not sure if that is helpful.

Here is the bit from it, hopefully makes more sense to you than me

------------------------------------------
Java based systems etc​

Some applications maintain their own trust store. You may need to add the newer ISRG Root X1 certificate into your systems trusts store. Any system that can't be updated needs to see the legacy chain or you need to switch CA.

e.g. for Java you might use: keytool -import -alias isrgrootx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts -file isrgrootx1.cer (credit)
-----

> -----Original Message-----
> From: Regina Obe [mailto:lr at pcorp.us]
> Sent: Wednesday, December 8, 2021 8:09 PM
> To: 'System Administration Committee Discussion/OSGeo'
> <sac at lists.osgeo.org>
> Subject: RE: [SAC] 'peer not authenticated' error when trying to use
> repo.osgeo.org
> 
> This sounds like it might be an SSL issue.
> 
> We had issues with the certs cause we are using Letsencrypt and the Letsencrypt
> root certificate expired as detailed here:
> https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/
> 
> That necessitated updating all the servers and on my projects I had to update
> the docker images we were using.
> 
> So I'm guessing your openjdk might be linked to some old certs.
> It's odd you are having issue with the newer one and not the older though.
> 
> Are you running both on same server?
> 
> Usually an OS update (for newer OS) fixes the issue.
> Unfortunately I don't know much about Java to know things like what cert path
> it uses or even how to test maven.
> 
> I'm also puzzled that some artifacts are downloaded and some are not.
> Are these by chance maybe cached and it's the newer artifacts you are having
> issue with?
> 
> Hope that help,
> Regina
> 
> 
> 
> > -----Original Message-----
> > From: Sac [mailto:sac-bounces at lists.osgeo.org] On Behalf Of Andreas
> > Barth
> > Sent: Wednesday, December 8, 2021 6:01 AM
> > To: sac at lists.osgeo.org
> > Subject: [SAC] 'peer not authenticated' error when trying to use
> > repo.osgeo.org
> >
> > I'm using this artifact in a Maven project:
> >
> > ```
> > <dependency>
> >    <groupId>org.geotools</groupId>
> >    <artifactId>gt-shapefile</artifactId>
> >    <version>26.1</version>
> > </dependency>
> > ```
> >
> > I included the OSGeo repository in my `pom.xml` file like this:
> >
> > ```
> > <repository>
> >    <id>osgeo</id>
> >    <name>OSGeo Release Repository</name>
> >    <url>https://repo.osgeo.org/repository/release/</url>
> >    <snapshots><enabled>false</enabled></snapshots>
> >    <releases><enabled>true</enabled></releases>
> > </repository>
> > ```
> >
> > Running `mvn clean install` on Travis I get the following error:
> >
> > ```
> > Could not transfer artifact org.geotools:gt-metadata:jar:26.1 from/to
> > osgeo
> > (https://repo.osgeo.org/repository/release/): peer not authenticated
> > ```
> >
> > Strangely, this does work using openjdk8, but not openjdk11. Also it
> > seems that some artifacts are downloaded from repo.osgeo.org without
> > problems, but for some I receive the above error.
> >
> > Can you give any advice how to fix or further debug this?
> >
> > And a bonus question: Are there any plans to or reasons against
> > publishing the geotools artifacts on Maven Central?
> >
> > Thanks in advance and best regards,
> > Andreas
> > _______________________________________________
> > Sac mailing list
> > Sac at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/sac

More information about the Sac mailing list