Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check failed

All your suggestions, requests and ideas for future development
Post Reply
beambeam
Posts: 11
Joined: 25 May 2019, 22:52

Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check failed

Post by beambeam »

Hey

I successfully installed filebot on debian 9 armv7f (with small tweak to filebot.sh -

Code: Select all

JAVA_OPTS="-Djna.nosys=false"
thanks to rednoah ).

But now I tried using the official repo to install filebot on Ubuntu Server 16.04 (same machine as debian 9 armv7f) and it worked
But when I run

Code: Select all

filebot -script fn:sysinfo
And I get

Code: Select all

java.security.cert.CertPathValidatorException: signature check failed
the actually error is longer so I can provide more info if needed.

I removed the repo version and all dependencies and then installed openjdk-8-jre-headless libopenjfx-java mediainfo libchromaprint-tools unrar p7zip-full

I then grabbed the portable version, same error. I also tried the last free version off sf and that gave exact same error.

The error happens when fetching this file, since its https, it makes sense that something with cert validation is causing an error. Or it could just be trying to check if fn.jar is signed properly and failed. Not sure.

Code: Select all

Fetch failed: https://api.filebot.net/v5/script/fn.jar.xz
Any help would be appreciated.

Edit: just to note, reason I switched to ubuntu was because I was having issue compiling libtorrent on debian 9 and ubuntu worked just fine.
beambeam
Posts: 11
Joined: 25 May 2019, 22:52

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by beambeam »

Code: Select all

Fetch failed: Try again in 5 seconds (2 more) => javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Fetch failed: Try again in 10 seconds (1 more) => javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Fetch failed: https://api.filebot.net/v5/script/fn.jar.xz
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
	at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
	at net.filebot.CachedResource.lambda$null$0(CachedResource.java:87)
	at net.filebot.CachedResource.retry(CachedResource.java:121)
	at net.filebot.CachedResource.retry(CachedResource.java:133)
	at net.filebot.CachedResource.retry(CachedResource.java:133)
	at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
	at net.filebot.Cache.computeIf(Cache.java:90)
	at net.filebot.CachedResource.get(CachedResource.java:82)
	at net.filebot.MemoizedResource.get(Resource.java:36)
	at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
	at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
	at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:160)
	at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
	at net.filebot.Main.main(Main.java:130)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
	... 14 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
	... 15 more
Caused by: java.security.SignatureException: Signature does not match.
	... 15 more

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
	at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
	at net.filebot.CachedResource.lambda$null$0(CachedResource.java:87)
	at net.filebot.CachedResource.retry(CachedResource.java:121)
	at net.filebot.CachedResource.retry(CachedResource.java:133)
	at net.filebot.CachedResource.retry(CachedResource.java:133)
	at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
	at net.filebot.Cache.computeIf(Cache.java:90)
	at net.filebot.CachedResource.get(CachedResource.java:82)
	at net.filebot.MemoizedResource.get(Resource.java:36)
	at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
	at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
	at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:160)
	at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
	at net.filebot.Main.main(Main.java:130)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
	... 14 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
	... 15 more
Caused by: java.security.SignatureException: Signature does not match.
	... 15 more

Error (o_O)
Here is the full error.
User avatar
rednoah
The Source
Posts: 22923
Joined: 16 Nov 2011, 08:59
Location: Taipei
Contact:

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by rednoah »

It's a generic Java HTTPS configuration issue unrelated to FileBot specifically.

Google will help. Maybe.
:idea: Please read the FAQ and How to Request Help.
beambeam
Posts: 11
Joined: 25 May 2019, 22:52

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by beambeam »

I fetched the fullchain cert for get.filebot.net:443 using openssl and added it to keystore

It fixed the issue but gave me another issue

Code: Select all

Fetch failed: Try again in 5 seconds (2 more) => javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
Fetch failed: Try again in 10 seconds (1 more) => javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
Fetch failed: https://api.filebot.net/v5/script/fn.jar.xz
javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
        at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
        at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
        at net.filebot.CachedResource.lambda$null$0(CachedResource.java:87)
        at net.filebot.CachedResource.retry(CachedResource.java:121)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
        at net.filebot.Cache.computeIf(Cache.java:90)
        at net.filebot.CachedResource.get(CachedResource.java:82)
        at net.filebot.MemoizedResource.get(Resource.java:36)
        at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
        at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
        at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:163)
        at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
        at net.filebot.Main.main(Main.java:132)
Caused by: javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
        at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
        ... 14 more

Invalid signature on ECDH server key exchange message
javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
        at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
        at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
        at net.filebot.CachedResource.lambda$null$0(CachedResource.java:87)
        at net.filebot.CachedResource.retry(CachedResource.java:121)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
        at net.filebot.Cache.computeIf(Cache.java:90)
        at net.filebot.CachedResource.get(CachedResource.java:82)
        at net.filebot.MemoizedResource.get(Resource.java:36)
        at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
        at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
        at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:163)
        at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
        at net.filebot.Main.main(Main.java:132)
Caused by: javax.net.ssl.SSLKeyException: Invalid signature on ECDH server key exchange message
        at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
        ... 14 more
Then I install jdk using the ppa: https://launchpad.net/~openjdk-r/+archi ... ter=xenial

then i tried using the universe repo from filebot but it wanted to install jdk-8-jre because openjfx v11 does not exit ubuntu 16.04, only openjfx v8.

then I tried to use just the universe (non-jdk-8) .deb file and it didn't require openjfx to be install so I didn't have jre 8 to install and it worked. But then got this error:

Code: Select all

Fetch failed: Try again in 5 seconds (2 more) => javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
Fetch failed: Try again in 10 seconds (1 more) => javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
Fetch failed: https://api.filebot.net/v5/script/fn.jar.xz
javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
        at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
        at net.filebot.CachedResource.lambda$get$0(CachedResource.java:87)
        at net.filebot.CachedResource.retry(CachedResource.java:121)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
        at net.filebot.Cache.computeIf(Cache.java:90)
        at net.filebot.CachedResource.get(CachedResource.java:82)
        at net.filebot.MemoizedResource.get(Resource.java:36)
        at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
        at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
        at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:163)
        at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
        at net.filebot.Main.main(Main.java:132)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
        at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
        ... 14 more

Received fatal alert: illegal_parameter
javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at net.filebot.web.WebRequest.fetch(WebRequest.java:142)
        at net.filebot.CachedResource.lambda$fetchIfModified$9(CachedResource.java:215)
        at net.filebot.CachedResource.lambda$get$0(CachedResource.java:87)
        at net.filebot.CachedResource.retry(CachedResource.java:121)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.retry(CachedResource.java:133)
        at net.filebot.CachedResource.lambda$get$1(CachedResource.java:87)
        at net.filebot.Cache.computeIf(Cache.java:90)
        at net.filebot.CachedResource.get(CachedResource.java:82)
        at net.filebot.MemoizedResource.get(Resource.java:36)
        at net.filebot.cli.ScriptBundle.getScript(ScriptBundle.java:32)
        at net.filebot.cli.ScriptShell.runScript(ScriptShell.java:74)
        at net.filebot.cli.ArgumentProcessor.runScript(ArgumentProcessor.java:163)
        at net.filebot.cli.ArgumentProcessor.run(ArgumentProcessor.java:37)
        at net.filebot.Main.main(Main.java:132)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: illegal_parameter
        at net.filebot.web.WebRequest.fetch(WebRequest.java:139)
        ... 14 more
Googling got me that far, its errors all the way down, no matter what I do.
beambeam
Posts: 11
Joined: 25 May 2019, 22:52

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by beambeam »

Code: Select all

#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}

echo |\
openssl s_client -showcerts -verify 5 -connect ${REMHOST}:${REMPORT} 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
script to fetch fullchain

output it to a file.pem and use following to add it to keystore:

Code: Select all

keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -import -file file.pem -alias filebot
just little fyi
User avatar
rednoah
The Source
Posts: 22923
Joined: 16 Nov 2011, 08:59
Location: Taipei
Contact:

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by rednoah »

Have you tried installing the latest Oracle JDK 8? That should work out of the box, and include support for the latest SSL algorithms. It also includes JavaFX 8 baked in so less to worry about there as well.
:idea: Please read the FAQ and How to Request Help.
beambeam
Posts: 11
Joined: 25 May 2019, 22:52

Re: Ubuntu Server Armhf 16.04 "Xenial Xerus" (32bits) java.security.cert.CertPathValidatorException: signature check fai

Post by beambeam »

rednoah wrote: 26 May 2019, 08:25 Have you tried installing the latest Oracle JDK 8? That should work out of the box, and include support for the latest SSL algorithms. It also includes JavaFX 8 baked in so less to worry about there as well.
Thank you so much. Just installed Oracle JDK 8 and portable filebot and everything works out of the box!
Post Reply