Spark certificates management update

I checked the fix, it works!
Thank you so much!

Now if I use an expired certificate on the server and I have a CA certificate added to Spark then I get the “Certificate expired” error. This is what I expected.
If I click on the “Accept expired” button then I can log into the server. This is what I expected.

if I use a certificate that is valid until 2021 on my server and I have a CA certificate added to Spark, then I immediately connect to the server.
If I don’t add the CA certificate to Spark then I will get a notification asking me to add a new certificate to Spark, which is what I expected.

I think this topic can be closed as resolved

1 Like

I have marked https://igniterealtime.atlassian.net/browse/SPARK-2194 as fixed, but i’m not sure if work on other tickets in the first message is completed.

I’ve just created a new PR in https://github.com/igniterealtime/Spark/pull/555

WIth that (assuming that @ilyaHlevnoy doesn’t find new bugs with it :slight_smile: ) we can close the other issues too.

1 Like

https://bamboo.igniterealtime.org/browse/SPARK-NIGHTLY-1550/artifact/shared/Install4j-generated-media/

Unfortunately, I can still repeat this bug that I showed in the video.


but along with this I get a lot of errors related to the certificate.
warn
ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have issuerUniqueID: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:94)
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:69)
	at org.jivesoftware.sparkimpl.certificates.CertManager.fillTableListWithKeyStoreContent(CertManager.java:246)
	at org.jivesoftware.sparkimpl.certificates.CertificateController.loadKeyStores(CertificateController.java:95)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.loadKeyStores(SparkTrustManager.java:381)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.<init>(SparkTrustManager.java:68)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.getTrustManagerList(SparkTrustManager.java:72)
	at org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator.setUpContext(SparkSSLContextCreator.java:40)
	at org.jivesoftware.LoginDialog.retrieveConnectionConfiguration(LoginDialog.java:299)
	at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1085)
	at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:365)
	at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:905)
	at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:139)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have subjectUniqueID: CN=*.coleman.ru,O=LLC KS Soprovozhdeniye,L=Moscow,C=RU
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:99)
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:69)
	at org.jivesoftware.sparkimpl.certificates.CertManager.fillTableListWithKeyStoreContent(CertManager.java:246)
	at org.jivesoftware.sparkimpl.certificates.CertificateController.loadKeyStores(CertificateController.java:95)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.loadKeyStores(SparkTrustManager.java:381)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.<init>(SparkTrustManager.java:68)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.getTrustManagerList(SparkTrustManager.java:72)
	at org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator.setUpContext(SparkSSLContextCreator.java:40)
	at org.jivesoftware.LoginDialog.retrieveConnectionConfiguration(LoginDialog.java:299)
	at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1085)
	at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:365)
	at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:905)
	at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:139)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Cannot build certificate chain
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)
	at java.security.cert.PKIXParameters.<init>(Unknown Source)
	at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkExceptionsTrustManager.validatePath(SparkExceptionsTrustManager.java:94)
	at org.jivesoftware.sparkimpl.certificates.SparkExceptionsTrustManager.checkServerTrusted(SparkExceptionsTrustManager.java:44)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:111)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have issuerUniqueID: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:94)
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:69)
	at org.jivesoftware.sparkimpl.certificates.CertManager.fillTableListWithKeyStoreContent(CertManager.java:246)
	at org.jivesoftware.sparkimpl.certificates.CertificateController.loadKeyStores(CertificateController.java:95)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.loadKeyStores(SparkTrustManager.java:381)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.<init>(SparkTrustManager.java:68)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.getTrustManagerList(SparkTrustManager.java:72)
	at org.jivesoftware.LoginDialog$LoginPanel.lambda$login$2(LoginDialog.java:1198)
	at java.awt.event.InvocationEvent.dispatch(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$500(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have subjectUniqueID: CN=*.coleman.ru,O=LLC KS Soprovozhdeniye,L=Moscow,C=RU
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:99)
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:69)
	at org.jivesoftware.sparkimpl.certificates.CertManager.fillTableListWithKeyStoreContent(CertManager.java:246)
	at org.jivesoftware.sparkimpl.certificates.CertificateController.loadKeyStores(CertificateController.java:95)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.loadKeyStores(SparkTrustManager.java:381)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.<init>(SparkTrustManager.java:68)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.getTrustManagerList(SparkTrustManager.java:72)
	at org.jivesoftware.LoginDialog$LoginPanel.lambda$login$2(LoginDialog.java:1198)
	at java.awt.event.InvocationEvent.dispatch(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$500(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have issuerUniqueID: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:94)
	at org.jivesoftware.LoginDialog$LoginPanel.lambda$login$2(LoginDialog.java:1202)
	at java.awt.event.InvocationEvent.dispatch(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$500(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have subjectUniqueID: CN=*.coleman.ru,O=LLC KS Soprovozhdeniye,L=Moscow,C=RU
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:99)
	at org.jivesoftware.LoginDialog$LoginPanel.lambda$login$2(LoginDialog.java:1202)
	at java.awt.event.InvocationEvent.dispatch(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$500(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Certificate doesn't have issuerUniqueID: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
java.lang.NullPointerException
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:94)
	at org.jivesoftware.sparkimpl.certificates.CertificateModel.<init>(CertificateModel.java:69)
	at org.jivesoftware.sparkimpl.certificates.CertManager.fillTableListWithKeyStoreContent(CertManager.java:246)
	at org.jivesoftware.sparkimpl.certificates.CertificateController.loadKeyStores(CertificateController.java:95)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.loadKeyStores(SparkTrustManager.java:381)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.<init>(SparkTrustManager.java:68)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.getTrustManagerList(SparkTrustManager.java:72)
	at org.jivesoftware.sparkimpl.certificates.SparkSSLContextCreator.setUpContext(SparkSSLContextCreator.java:40)
	at org.jivesoftware.LoginDialog.retrieveConnectionConfiguration(LoginDialog.java:299)
	at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1085)
	at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:365)
	at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:905)
	at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:139)
	at java.lang.Thread.run(Unknown Source)

error

ноя 05, 2020 2:10:53 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Validating path failed
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Validating path failed
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Validating path failed
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:54 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

ноя 05, 2020 2:10:55 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Validating path failed
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:55 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

ноя 05, 2020 2:10:55 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Validating path failed
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)

ноя 05, 2020 2:10:55 PM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1176)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:856)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$2000(XMPPTCPConnection.java:155)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1171)
	... 3 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:96)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 14 more
Caused by: java.security.cert.CertPathValidatorException: Certificate path validation failed
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:126)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.checkServerTrusted(SparkTrustManager.java:92)
	... 15 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.validatePath(SparkTrustManager.java:270)
	at org.jivesoftware.sparkimpl.certificates.SparkTrustManager.doTheChecks(SparkTrustManager.java:122)
	... 16 more

Curious. The problem that is reported is that Spark thinks that the chain that your server is using is not signed by a CA that Spark recognizes. I’m not sure if the certificate is missing, or that Spark does not correctly use it.

Spark then asks if you want to make an exception for the certificate that you’re using and tries to add all of the certificates to the ‘exempt’ trust store. It will, however, only do this if the each of the certificates is not already in a store. As you keep being in a loop, it looks like that, at that stage, Spark thinks that the certificates are already in on of those stores.

So, for some reason, the certificates are in a store, but they’re not used? I’m not exactly sure what happens.

Can you provide:

  • A list of all certificates that are in the chain that your server uses
  • A listing of all certificates in each of the truststores of Spark

That might allow us to dig deeper.

here is a chain of my certificates.
coleman2021.cer (1.5 КБ)
I install pure Spark, then connect to the Openfire server and then, when connecting to the server, install the * .coleman.ru certificate
Here is my list of certificates in Spark.

So, can we close some of the tickets in the first message? I think SPARK-2184 is fixed, right? At least the user who reported this confirmed it works ok with new builds.

The coleman2021.cer certificate is issued by GeoTrust RSA CA 2018. From this certificate, I cannot see if that is a root, or an intermediate (I think I remember that this is an intermediate, but I’m not sure).

So, the Spark keystores are completely empty, with one exception. The ‘truststore’ contains one certificate, the one for *.coleman.ru. It just contains that one certificate. The other certificates from the chain are not in the Spark truststore.

One thing to note is that, when evaluating the certificate chain that is offered by your Openfire server, Spark will also use the truststore(s) provided by the JRE. These will be combined with the truststores that are provided by Spark itself. I do not know what is in the JRE truststore on your computer.

Adding the *.coleman.ru certificate to the Spark truststore is not expected to make a difference (except for when you mark it as ‘exempt’, in which case it should always be accepted, I think), for this reason: When validating the certificate chain that is provided by the Openfire, Spark will discard the root CA from the chain that is provided by the Openfire server (if the root CA is part of that chain - it does not need to be). It will then try to ‘complete’ the chain again, using certificates that it knows it can trust (because they are in the truststores of Spark or the JRE). So, what Spark needs to have in its (or the JREs) truststore, is the root CA that (directly or indirectly) issued *.coleman.ru

So, when the certificate chain that is offered by your Openfire server is being validated by Spark, Spark will try to (re)construct a ‘path’ from the end-entity certificate that is in the chain (*.coleman.ru) to a root certificate (the one that issued GeoTrust RSA CA 2018). We can see that this root is not in the Spark truststore. My guess is that it is also not in the JRE truststore. This is why validation fails.

Because of the failure of the validation, Spark asks if you want to add the certificate as an ‘exception’ (so that it always will be accepted). Since the end-entity certificate is already in the truststore (but not ‘excepted’), Spark doesn’t actually add it. This might be considered a bug, but that needs to have some further analysis.

To rule out a different issue with certificate validation, it might be good to know if Spark will accept your servers certificate chain after you removed the *.coleman.ru from Spark’s truststore. If you can then login (without Spark prompting you to add the certificate), then a) the root CA certificate is in the JRE store, and b) Spark has a bug (because it didn’t use it before).

If, after removing the *.coleman.ru certificate from Sparks truststore Spark prompts you to add it, then I expect Spark to add it to the ‘exception’ store, and allow you to log in afterwards.

Another thing to test (and possibly the ‘correct’ way to configure your Spark) is to add (only) the root CA (instead of the *.coleman.ru) to Spark’s truststore. Spark should then allow you to login, without prompting you for anything.

I think all of them can be closed. There might still be related issues (like the one that @ilyaHlevnoy sees) but those seem at least a bit specific to their configuration. If need be, we can create a new issue for those.

Now I figured it out, you are right.

Yes, that is right. If I add the RSA 2018 certificate, then I can connect to the server without my * .coleman.ru certificate and I will not receive the certificate window.

Yes, I can remove the * .coleman.ru certificate and add the RSA CA 2018 certificate, then I can log into the system without Spark asking to add a certificate. My root certificate is in Java by default (DigiCert Global Root CA)

And here you are right, if I delete the certificate and try to connect, he will prompt me to add my certificate to the store and I can connect to the server.

I think a lot of people have a self signed certificate installed on their Openfire server. It doesn’t have a CA. What will happen then?

1 Like

This surprises me a little, and I think it is not quite correct. When your server provides its certificate chain to Spark, it should provide the entire chain, possibly without the root CA. So, in your example, I expect the certificate chain as offered by Openfire to be:

  • *.coleman.ru
  • GeoTrust RSA CA 2018
  • DigiCert Global Root CA (this one is optional)

When validating, Spark will remove DigiCert Global Root CA from the chain if it is there, and will then try to validate the train, combining it with the certificates that it knows it can trust.

So, if your JRE contains DigiCert Global Root CA then Spark’s trust stores should not need to include GeoTrust RSA CA 2018. You appear to be telling us that Spark does need it. I wonder if that’s a bug.

You’re right, a lot of people will use a self-signed certificate. The implementation of validating self-signed certificates in Spark is different. It will basically check if the certificate is in the trust store, and not do any of the “path reconstruction” bit.