Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-109

Invalid certificate warning on repo-jenkins-ci.org

    Details

    • Similar Issues:

      Description

      The docs (https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial) say to put http://repo.jenkins-ci.org/public/ as a repository. It is a very bad idea to have this hosted on http and not https. For users who have an understanding of security and try to switch it to https they find that it is not even an option and are greeted with an error.

      This is probably not the site you are looking for!
      You attempted to reach repo.jenkins-ci.org, but instead you actually reached a server identifying itself as *.artifactoryonline.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of repo.jenkins-ci.org.
      You should not proceed, especially if you have never seen this warning before for this site.

      Sonatype just got some bad press for fetching jars over http by default and has now changed to https (http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/). I think we should follow their lead.

        Attachments

          Issue Links

            Activity

            chengas123 Ben McCann created issue -
            danielbeck Daniel Beck made changes -
            Field Original Value New Value
            Project Jenkins [ 10172 ] Infrastructure [ 10301 ]
            Key JENKINS-24191 INFRA-109
            Workflow JNJira [ 157069 ] jira [ 157070 ]
            Component/s artifactory [ 18923 ]
            Component/s security [ 15508 ]
            Component/s maven [ 16033 ]
            danielbeck Daniel Beck made changes -
            Priority Critical [ 2 ] Minor [ 4 ]
            danielbeck Daniel Beck made changes -
            Assignee R. Tyler Croy [ rtyler ]
            rtyler R. Tyler Croy made changes -
            Assignee R. Tyler Croy [ rtyler ]
            rtyler R. Tyler Croy made changes -
            Link This issue is duplicated by INFRA-519 [ INFRA-519 ]
            rtyler R. Tyler Croy made changes -
            Summary SSL configuration warning Invalid certificate warning on repo-jenkins-ci.org
            jhoblitt Joshua Hoblitt made changes -
            Link This issue is related to INFRA-587 [ INFRA-587 ]
            rtyler R. Tyler Croy made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Assignee R. Tyler Croy [ rtyler ]
            rtyler R. Tyler Croy made changes -
            Labels community-bee
            rtyler R. Tyler Croy made changes -
            Status In Progress [ 3 ] Closed [ 6 ]
            Resolution Fixed [ 1 ]

              People

              • Assignee:
                rtyler R. Tyler Croy
                Reporter:
                chengas123 Ben McCann
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: