https://gradle.com/ logo
Join Slack
Powered by
This message was deleted.
# community-support
s
This message was deleted.
g
Full logs are
Copy code
Importing 3 trusted certificate(s)
Importing certificate gradle-certificate-001
Certificate was added to keystore
Importing certificate gradle-certificate-002
Certificate was added to keystore
Importing certificate gradle-certificate-003
Certificate was added to keystore
WARNING: Delegating to 'start' - this behaviour has been deprecated and will be removed in a future release. Please use the 'start' command directly.
Starting Gradle Enterprise build cache node (13.2) ...
ERROR: Unable to start SSL - failed to build SSL context.
The following exception trace may provide more information:
javax.net.ssl.SSLException: failed to set certificate and key
	at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext(ReferenceCountedOpenSslServerContext.java:138)
	at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.<init>(ReferenceCountedOpenSslServerContext.java:79)
	at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.<init>(ReferenceCountedOpenSslServerContext.java:62)
	at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:480)
	at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:606)
	at com.gradle.ratpack.v.b.a(SourceFile:51)
	at com.gradle.buildcache.node.a.a$a.a(SourceFile:184)
	at com.gradle.ratpack.k.e.a(SourceFile:222)
	at com.gradle.ratpack.k.e.a(SourceFile:137)
	at ratpack.server.internal.RatpackServerDefinition.build(RatpackServerDefinition.java:43)
	at ratpack.server.internal.DefaultRatpackServer.lambda$buildUserDefinition$6(DefaultRatpackServer.java:269)
	at ratpack.impose.Impositions.impose(Impositions.java:117)
	at ratpack.server.internal.DefaultRatpackServer.buildUserDefinition(DefaultRatpackServer.java:267)
	at ratpack.server.internal.DefaultRatpackServer.start(DefaultRatpackServer.java:154)
	at com.gradle.buildcache.node.a.a.a(SourceFile:96)
	at com.gradle.buildcache.node.b.h.a(SourceFile:225)
	at com.gradle.enterprise.a.a.c(SourceFile:62)
	at com.gradle.enterprise.a.a.call(SourceFile:21)
	at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
	at picocli.CommandLine.access$1300(CommandLine.java:145)
	at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
	at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
	at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
	at picocli.CommandLine.execute(CommandLine.java:2078)
	at com.gradle.enterprise.a.a.a(SourceFile:84)
	at com.gradle.enterprise.a.a.b(SourceFile:89)
	at com.gradle.buildcache.node.b.g.a(SourceFile:45)
	at com.gradle.enterprise.a.a.c(SourceFile:62)
	at com.gradle.enterprise.a.a.call(SourceFile:21)
	at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
	at picocli.CommandLine.access$1300(CommandLine.java:145)
	at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
	at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
	at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
	at picocli.CommandLine.execute(CommandLine.java:2078)
	at com.gradle.enterprise.a.a.a(SourceFile:84)
	at com.gradle.enterprise.a.g.c(SourceFile:35)
	at com.gradle.buildcache.node.BuildCacheNodeMain.main(SourceFile:9)
Caused by: java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
	at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:688)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:585)
	at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
	at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
	at io.netty.handler.ssl.SslContext.buildKeyStore(SslContext.java:1113)
	at io.netty.handler.ssl.ReferenceCountedOpenSslServerContext.newSessionContext(ReferenceCountedOpenSslServerContext.java:123)
	... 41 more
Caused by: java.security.KeyStoreException: Certificate chain is not valid
	at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:635)
	... 46 more

Removing 3 existing trusted certificate(s)
Removing existing certificate gradle-certificate-001
Removing existing certificate gradle-certificate-002
Removing existing certificate gradle-certificate-003
v
From the stacktrace I'd say your certificate chain is not ok. The code that fails checks that issuerDN and subjectDN are the same for two adjacent certificates in the chain and that there are no loops in the chain.
g
Okay, thanks. I'll try to check it again.
@Vampire thanks. you were right. it seems that certificates in the chain are not connected via issuerDN and subjectDN. But still... 
openssl verify -CAfile trusted-ssl.crt -x509_strict ssl.crt
return OK. Where does this restriction with issuerDN and subjectDN came from? Sorry I'm not familiar with all these certificate things. I would appreciate any tips - then I would come to our network admins with some arguments to reissue the certificate chain. Thanks again.
v
If the DNs do not match, there simply is no chain. The subject DN is what identifies the ceritifacte. So if certificate with subject DN 
foo
issues certificate with subject DN 
bar
, then it has to contain the issuer DN 
foo
to build a chain, otherwise the certs are just two certs. Maybe you just miss some intermediate certificate. That is also nothing Gradle specific actually. The error comes from classes in the JRE itself that verify the chain.
🙏 1
5 Views
Open in Slack
PreviousNext
Powered by