certificate problems

certificate problems

in API Development

Posted by: Sariel V.7024

Sariel V.7024

I do my skimming via Java. When I tried to connect today, I started receiving a sun.security.validator.validatorexception on every attempted connection. The info I can find on this online suggests that I don’t have the certificate for the server I am contacting. This is strange, since I’ve been connecting to the api server for over a year now and have never had a problem like this. Did you guys or GoDaddy make any changes to it recently?

(edited by Sariel V.7024)

certificate problems

in API Development

Posted by: Lawton Campbell

Lawton Campbell

Web Programmer

Next

I think we changed our TLS configuration to not use deprecated cipher suites. The certificate is unchanged, but we no longer support RC4 ciphers or MD5/SHA1 digests. That might be the issue, but I’ve no idea why that’d be a validatorexception and not something like “no suitable cipher suite” or just “handshake failure”.

certificate problems

in API Development

Posted by: Tiscan.8345

Tiscan.8345

Sorry for asking a kinda unrelated/non-API question… but do you know if the config for the (old) guildwars.com-site was changed, too? Because there seem to be quite a few people (me included) that no longer can access that site because of some problems with the encryption (I already made a thread in the general discussion board).

certificate problems

in API Development

Posted by: Lawton Campbell

Previous

Lawton Campbell

Web Programmer

Next

AFAIK the config change was made at the load balancer level, so it should affect all ArenaNet sites, including guildwars.com.

If you’re having TLS handshake errors, I highly suggest updating (or changing) your browser and seeing if that fixes the issue.

certificate problems

in API Development

Posted by: Tiscan.8345

Tiscan.8345

Thanks for the info, Lawton… but I ’ve got the same issue on all browsers and PCs I tried (and they are all updated). Another user (Silmar Alech) pointed out, that if you resolve guildwars.com from germany (or probably the whole EU) you get a different IP (64.25.47.11) than when you resolve the IP from a NA-server (64.25.40.54). That might be an issue.

But I guess we might get a little bit off-topic here and i don’t wanna hijack Sariel’s thread

certificate problems

in API Development

Posted by: Lawton Campbell

Previous

Lawton Campbell

Web Programmer

Next

Turns out there was a mis-configuration in the Frankfurt data center! Got the relevant parties involved and they’re going to have it fixed at some point. Thanks for the report, sorry about that! (this only affects guildwars.com and isn’t related to the OP).

certificate problems

in API Development

Posted by: Sariel V.7024

Sariel V.7024

Do you know how recently that was changed?

As for the explanation on the error message, I see wildly ridiculous reasons to explain a missing semicolon, so how the JVM is interpreting something may have little to do with the problem as described by a troubleshooting webpage :/ Unfortunately, that brings me no closer to a fix.

(I’m a rambler. Hard to gripe about people going off-topic when I do it myself )

certificate problems

in API Development

Posted by: Tiscan.8345

Tiscan.8345

Turns out there was a mis-configuration in the Frankfurt data center! Got the relevant parties involved and they’re going to have it fixed at some point. Thanks for the report, sorry about that! (this only affects guildwars.com and isn’t related to the OP).

Awesome Thanks!

certificate problems

in API Development

Posted by: Lawton Campbell

Previous

Lawton Campbell

Web Programmer

Do you know how recently that was changed?

I believe the SSL cipher suite was changed for the Dallas datacenter on Jan 22nd; I think the old cipher suite is still in use in the Frankfurt datacenter temporarily (but might be wrong about that).

certificate problems

in API Development

Posted by: Sariel V.7024

Sariel V.7024

This was a major headache as several times the fix failed for some reason or other, so I thought I would outline the steps I took to get it working (Windows version).

1. Copy the site certificate -
1.a. Open https://api.guildwars2.com in Chrome.
1.b. Click the green lock next to the address bar. This brings up the security report.
1.c. Next to “Your connection to this site is private.”, click “Details”
1.d. Click the [View certificate] button.
1.e. On the Certificate window, click the “Details” tab.
1.f. Click the [Copy to File…] button.
1.g. Advance through the export wizard. Select Base-64 encoded X.509 (.cer). Select a save directory and name.

2. Launch cmd.exe in administrator mode.

3. Navigate to your Java directory. Enter the /bin subdirectory.

4. Enter the following on one line:
keytool -import -noprompt -trustcacerts -alias wwwGuildWars2 -file “C:/Path_To_Your_Certificate/certificateName.cer” -keystore “C:/Path_To_Java_Directory/lib/security/cacerts” -storepass changeit

4.1. Insert paths to your files as needed. The default password for the keystore is changeit. If you’ve ever actually set it in the past, use whatever that was.

5. If there is some confusion which keystore is being pulled from (e.g. you have multiple java installations), repeat step 4 for each of them.

Now I get to figure out why eclipse is pulling from a different Java’s keystore…

(edited by Sariel V.7024)