Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-109

Invalid certificate warning on repo-jenkins-ci.org

    Details

    • Similar Issues:

      Description

      The docs (https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial) say to put http://repo.jenkins-ci.org/public/ as a repository. It is a very bad idea to have this hosted on http and not https. For users who have an understanding of security and try to switch it to https they find that it is not even an option and are greeted with an error.

      This is probably not the site you are looking for!
      You attempted to reach repo.jenkins-ci.org, but instead you actually reached a server identifying itself as *.artifactoryonline.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of repo.jenkins-ci.org.
      You should not proceed, especially if you have never seen this warning before for this site.

      Sonatype just got some bad press for fetching jars over http by default and has now changed to https (http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/). I think we should follow their lead.

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            Should be possible to point settings.xml there as a workaround (proxy repo or what it's called), but I doubt it's a good choice for pom.xml.

            Show
            danielbeck Daniel Beck added a comment - Should be possible to point settings.xml there as a workaround (proxy repo or what it's called), but I doubt it's a good choice for pom.xml.
            Hide
            rtyler R. Tyler Croy added a comment -

            I have the certificates generated properly, just waiting on a response from JFrog support on how to get the certificates installed.

            Show
            rtyler R. Tyler Croy added a comment - I have the certificates generated properly, just waiting on a response from JFrog support on how to get the certificates installed.
            Hide
            rtyler R. Tyler Croy added a comment -

            I've uploaded the certs for JFrog to deploy, ball is in their court now.

            Show
            rtyler R. Tyler Croy added a comment - I've uploaded the certs for JFrog to deploy, ball is in their court now.
            Hide
            rtyler R. Tyler Croy added a comment -

            Our DevOps Team will add your certificate and key to your Artifactory SaaS server on Sunday March 6th, during your weekly maintenance.

            We're so close omehegan!

            Show
            rtyler R. Tyler Croy added a comment - Our DevOps Team will add your certificate and key to your Artifactory SaaS server on Sunday March 6th, during your weekly maintenance. We're so close omehegan !
            Hide
            rtyler R. Tyler Croy added a comment -

            The certificate was installed sometime last night by JFrog when I wasn't looking, yay

            Show
            rtyler R. Tyler Croy added a comment - The certificate was installed sometime last night by JFrog when I wasn't looking, yay

              People

              • Assignee:
                rtyler R. Tyler Croy
                Reporter:
                chengas123 Ben McCann
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: