Hi Maik,

No more complaints from Eclipse.

About compatibility, Let's Encrypt works with Java 7 >= 7u111 and Java 8 >= 
8u101 out of the box. For previous versions, the Let's Encrypt root certificate 
needs to be added to the Java root store.

Samuel


> On 23 Feb 2018 at 03:28, Maik Musall <m...@selbstdenker.ag> wrote:
> 
> Hi Samuel,
> 
> thanks for noticing. I had set up the scripting to upload the entire chain to 
> the load balancer, but apparently it ignores the intermediate in that 
> process. So I now set the intermediate in its intermediate store, and it 
> seems it's working now.
> 
> I also noticed ssllabs complaining about weak DH parameters. Unfortunately I 
> can't set those per service, and globally setting DH keys longer than 1024 
> would break some sites that rely on connectivity with older clients. But I 
> changed the ciphersuites set in favor of ECDHE instead of DHE, which also 
> solves this. Java 6 could have a problem with this, but I guess (and hope) 
> nobody's still using that to run Eclipse or something.
> 
> I also set a CAA DNS record, and now we've got an A rating :)
> 
> Can you please check if you can access without problems now?  
> 
> Thanks
> Maik
> 
> 
>> On 23 Feb 2018 at 01:38, Samuel Pelletier <sam...@samkar.com> wrote:
>> 
>> Hi Maik,
>> 
>> I think there is a missing chain cert on the server.
>> 
>> At least Eclipse update refuses to connect to the update site with this error:
>> Unable to read repository at 
>> https://jenkins.wocommunity.org/job/WOLips47/lastSuccessfulBuild/artifact/temp/dist/content.xml.
>> Unable to read repository at 
>> https://jenkins.wocommunity.org/job/WOLips47/lastSuccessfulBuild/artifact/temp/dist/content.xml.
>> sun.security.validator.ValidatorException: PKIX path building failed: 
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
>> valid certification path to requested target
>> 
>> Checking the SSL config with 
>> https://www.ssllabs.com/ssltest/analyze.html?d=jenkins.wocommunity.org 
>> reveals that the certificate chain is incomplete.
>> 
>> I do not have problems with browsers that either already have it or download 
>> it silently, but Java does not seem to like this.
>> 
>> With Apache, the chain is added with a config like this:
>> SSLCertificateChainFile "/[...]/letsencrypt/live/[...]/chain.pem"
>> 
>> Samuel
>> 
>> 
>> 
>>> On 21 Feb 2018 at 11:34, Maik Musall <m...@selbstdenker.ag> wrote:
>>> 
>>> Done.
>>> 
>>> Sorry for the delay, it took a while to figure out how to automate this 
>>> with our load balancers in front of everything terminating the TLS 
>>> connections ;-)
>>> 
>>> Maik
>>> 
>>> 
>>>> On 21 Feb 2018 at 08:23, Maik Musall <m...@selbstdenker.ag> wrote:
>>>> 
>>>> Hi all,
>>>> 
>>>> I just noticed that the TLS certificate on wocommunity.org has expired, and 
>>>> I thought I already had set up Let's Encrypt so I ignored the warning emails 
>>>> from Comodo. Turns out I had not. So hang on, I will fix this today.
>>>> 
>>>> Maik
>>>> 
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com 
>>>> <mailto:Webobjects-dev@lists.apple.com>)
>>>> Help/Unsubscribe/Update your Subscription:
>>>> https://lists.apple.com/mailman/options/webobjects-dev/maik%40selbstdenker.ag
>>>>  
>>>> <https://lists.apple.com/mailman/options/webobjects-dev/maik%40selbstdenker.ag>
>>>> 
>>>> This email sent to m...@selbstdenker.ag <mailto:m...@selbstdenker.ag>
>>> 
>> 
> 

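The incomplete-chain failure discussed in this thread can be reproduced offline; this is an added example, not part of the original messages. A client that trusts only the root and fetches nothing (as the thread reports for Java) rejects a leaf sent alone and accepts it once the intermediate is presented too. The certificates, names and the `make_pki` / `strict_verify` helpers are constructed for illustration and assume the `openssl` CLI is installed.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> intermediate -> leaf (not real certificates).
make_pki() {  # $1 = empty working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Root" -days 2 -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate" -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial \
    -extfile "$1/ca.cnf" -extensions v3_ca -days 2 -out "$1/int.pem" 2>/dev/null &&
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" -CAcreateserial \
    -days 2 -out "$1/leaf.pem" 2>/dev/null
}

# Verify like a client that trusts only the root ($1) and can use only what the
# server presents: the leaf ($2) and, optionally, the intermediates it sent ($3).
strict_verify() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

demo=$(mktemp -d) && make_pki "$demo" || exit 1
if strict_verify "$demo/root.pem" "$demo/leaf.pem"; then
  echo "leaf only: chain verified"
else
  echo "leaf only: no path to a trusted root (the PKIX-style failure)"
fi
if strict_verify "$demo/root.pem" "$demo/leaf.pem" "$demo/int.pem"; then
  echo "leaf + intermediate: chain verified"
else
  echo "leaf + intermediate: verification failed"
fi
rm -rf "$demo"
```

Against a real deployment, the same check applies to the certificates the server actually sends, with the intermediate supplied only if the server presented it.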