546918 – SSL certificate for polarsys.org is expired

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 546918 - SSL certificate for polarsys.org is expired

Summary: SSL certificate for polarsys.org is expired

Status:	RESOLVED FIXED

Alias:	None

Product:	Community
Classification:	Eclipse Foundation
Component:	Website (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P5 blocker with 3 votes (vote)
Target Milestone:	---
Assignee:	phoenix.ui
QA Contact:

URL:	https://www.polarsys.org/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-05-02 09:24 EDT by Thomas Guiu
Modified:	2019-05-08 11:19 EDT (History)
CC List:	10 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Guiu

2019-05-02 09:24:50 EDT

So we can't access the download area/bugzilla/gerrit/jenkins

Comment 1 Michaël Melchiore

2019-05-04 09:39:21 EDT

This is a real blocker since kitalpha/capella build environment depends on p2 repositories hosted by polarsys CI.

Currently, it is not possible to build any project relying on them with Maven/Tycho.

Also, I cannot access the polarsys forum and the wiki where KitAlpha documentation and tutorials are hosted.

Comment 2 Felix Dorner

2019-05-06 03:37:11 EDT

please, this must be fixed today

Comment 3 Frédéric Madiot

2019-05-06 10:48:26 EDT

Changed Component from "Servers" to "Website" as polarsys.org is down, and corresponding SLA is higher (https://wiki.eclipse.org/IT_SLA#Tier_1_-_Critical)

Comment 4 Thomas Guiu

2019-05-07 03:02:03 EDT

The certificate has been updated but the bugzilla is not available (other subdomains are available).

https://bugs.polarsys.org/

Comment 5 Sandu Postaru

2019-05-07 04:02:57 EDT

https://ci.polarsys.org is also not available!

Comment 6 Felix Dorner

2019-05-07 04:25:13 EDT

Neither is download.polarsys.org

Comment 7 Frédéric Madiot

2019-05-07 04:38:09 EDT

And http://polarsys.org/forums

Comment 8 Frédéric Madiot

2019-05-07 04:39:33 EDT

(In reply to Felix Dorner from comment #6)
> Neither is download.polarsys.org

Download is ok for me

Comment 9 Minh Tu Ton That

2019-05-07 07:46:17 EDT

Hello,
It seems that the problem has not been fixed yet for ci.polarsys.org. Our build failed while trying to access an artifact from ci.polarsys.org with the following trace. Could you have a look at it?

!ENTRY org.eclipse.equinox.p2.transport.ecf 2 0 2019-05-07 07:34:52.239
!MESSAGE Connection to https://ci.polarsys.org/kitalpha/job/Kitalpha-v1.3.x/215/artifact/releng/plugins/org.polarsys.kitalpha.releng.sdk.updatesite/target/repository/p2.index failed on sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed. Retry attempt 0 started
!STACK 0
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:157)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:164)
	at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:270)
	at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:275)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:207)
	at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:241)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:686)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:488)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1084)
	at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.access$0(HttpClientRetrieveFileTransfer.java:1075)
	at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer$1.performFileTransfer(HttpClientRetrieveFileTransfer.java:1071)
	at org.eclipse.ecf.filetransfer.FileTransferJob.run(FileTransferJob.java:74)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
	at sun.security.validator.Validator.validate(Validator.java:262)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
	... 23 more


Caused by: java.security.cert.CertPathValidatorException: validity check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
	at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:357)
	... 29 more


Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu May 02 08:00:00 EDT 2019
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.provider.certpath.BasicChecker.verifyValidity(BasicChecker.java:190)
	at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144)
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
	... 34 more

Comment 10 Denis Roy

2019-05-07 10:25:40 EDT

(In reply to Tu Ton from comment #9)
> Hello,
> It seems that the problem has not been fixed yet for ci.polarsys.org. Our

I was in the process of moving the front-ends to CloudFlare; however that doesn't resolve internal access to ci.polarsys.org. I will install a new cert and we'll be on our way.

Apologies for the inconvenience. I am the one who dropped the ball on this, despite being reminded several times by my colleagues.

Comment 11 Denis Roy

2019-05-08 11:19:09 EDT

This is fixed; a new cert was installed and I'm removing the site from CloudFlare.