Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error on 1st Run #2821

Closed
bamaackbar opened this issue Jan 7, 2018 · 17 comments

Comments

Projects
None yet
2 participants
@bamaackbar
Copy link

commented Jan 7, 2018

My Operating System:

Win 10 Pro, 64 bit

Engine version:

1.9.0.0.7621

Map name and version:

N/A

Can you describe how to trigger the error? (eg: what sequence of actions will recreate it?)

When I launch TripleA, the TripleA Constole displays with an error message

Do you have the exact error text? Please copy/paste if so

triplea.engine.version.bin:1.9
Failed while attempting to check for a new Version
Warning!! 1 system checks failed. Some game features may not be available or may not work correctly.
Can connect to github.com (check network connection): false
Can create temporary files (check disk usage, file permissions): true
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	at java.net.URL.openStream(Unknown Source)
	at games.strategy.engine.framework.EngineVersionProperties.getProperties(EngineVersionProperties.java:77)
	at games.strategy.engine.framework.EngineVersionProperties.<init>(EngineVersionProperties.java:35)
	at games.strategy.engine.framework.EngineVersionProperties.lambda$contactServerForEngineVersionProperties$107(EngineVersionProperties.java:53)
	at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 24 more

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at games.strategy.engine.framework.systemcheck.LocalSystemChecker.lambda$defaultNetworkCheck$275(LocalSystemChecker.java:39)
	at games.strategy.engine.framework.systemcheck.SystemCheck.<init>(SystemCheck.java:24)
	at games.strategy.engine.framework.systemcheck.LocalSystemChecker.defaultNetworkCheck(LocalSystemChecker.java:31)
	at games.strategy.engine.framework.systemcheck.LocalSystemChecker.<init>(LocalSystemChecker.java:22)
	at games.strategy.engine.framework.GameRunner.checkLocalSystem(GameRunner.java:299)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
	at games.strategy.engine.framework.systemcheck.LocalSystemChecker.lambda$defaultNetworkCheck$275(LocalSystemChecker.java:37)
	... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 23 more
@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 7, 2018

@bamaackbar The first thing to check here is which version of Java TripleA is using. Please do the following after the TripleA Console pops up:

  1. Click the Clear button.
  2. Click the Properties button.
  3. Click the Copy to clipboard button.

And then paste the copied text into a new comment in this issue.

(Also, could you please confirm the engine version you are using is 1.9.0.0.7621? Just want to make sure it was the trailing "1" that was cut off above.)

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 7, 2018

Yes, I'm using 1.9.0.0.7621, my fault.

Here's the text:

SYSTEM PROPERTIES
awt.toolkit sun.awt.windows.WToolkit
exe4j.consoleCodepage cp0
exe4j.isInstall4j true
exe4j.launchName C:\Program Files\TripleA\TripleA.exe
exe4j.moduleName C:\Program Files\TripleA\TripleA.exe
exe4j.semaphoreName Local\c:_program_files_triplea_triplea.exe0
exe4j.tempDir
exe4j.unextractedPosition 0
file.encoding Cp1252
file.encoding.pkg sun.io
file.separator
install4j.appDir C:\Program Files\TripleA
install4j.exeDir C:\Program Files\TripleA
install4j.launcherId 33
install4j.swt false
java.awt.graphicsenv sun.awt.Win32GraphicsEnvironment
java.awt.printerjob sun.awt.windows.WPrinterJob
java.class.path C:\Program Files\TripleA.install4j\i4jruntime.jar;C:\Program Files\TripleA.\bin\triplea.jar
java.class.version 52.0
java.endorsed.dirs c:\program files\common files\i4j_jres\1.8.0_144\lib\endorsed
java.ext.dirs c:\program files\common files\i4j_jres\1.8.0_144\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
java.home c:\program files\common files\i4j_jres\1.8.0_144
java.io.tmpdir C:\Users\corbi\AppData\Local\Temp
java.library.path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Smart Projects\IsoBuster;C:\Program Files (x86)\HID Global\ActivClient;C:\Program Files\HID Global\ActivClient;C:\Users\corbi\AppData\Local\Microsoft\WindowsApps;;c:\program files\common files\i4j_jres\1.8.0_144\bin
java.runtime.name Java(TM) SE Runtime Environment
java.runtime.version 1.8.0_144-b01
java.specification.name Java Platform API Specification
java.specification.vendor Oracle Corporation
java.specification.version 1.8
java.vendor Oracle Corporation
java.vendor.url http://java.oracle.com/
java.vendor.url.bug http://bugreport.sun.com/bugreport/
java.version 1.8.0_144
java.vm.info mixed mode
java.vm.name Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name Java Virtual Machine Specification
java.vm.specification.vendor Oracle Corporation
java.vm.specification.version 1.8
java.vm.vendor Oracle Corporation
java.vm.version 25.144-b01
line.separator

os.arch amd64
os.name Windows 10
os.version 10.0
path.separator ;
sun.arch.data.model 64
sun.awt.enableExtraMouseButtons true
sun.awt.exception.handler games.strategy.triplea.ui.ErrorHandler
sun.boot.class.path c:\program files\common files\i4j_jres\1.8.0_144\lib\resources.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\rt.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\sunrsasign.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\jsse.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\jce.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\charsets.jar;c:\program files\common files\i4j_jres\1.8.0_144\lib\jfr.jar;c:\program files\common files\i4j_jres\1.8.0_144\classes
sun.boot.library.path c:\program files\common files\i4j_jres\1.8.0_144\bin
sun.cpu.endian little
sun.cpu.isalist amd64
sun.desktop windows
sun.io.unicode.encoding UnicodeLittle
sun.java.command C:\Program Files\TripleA\TripleA.exe
sun.jnu.encoding Cp1252
sun.management.compiler HotSpot 64-Bit Tiered Compilers
sun.os.patch.level
triplea.engine.version.bin 1.9
user.country US
user.dir C:\Program Files\TripleA
user.home C:\Users\corbi
user.language en
user.name corbi
user.script
user.timezone America/Chicago
user.variant

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 7, 2018

@bamaackbar Thanks. That version of Java should be ok, but let me double check on my side, as we had a problem with an older version of Java that comes bundled with TripleA.

In the meantime, could you also run the OpenSSL test described here?

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 7, 2018

@ssoloff Thanks for the help. Here's the test results:

C:\Users\corbi\Downloads\openssl-1.0.2l-x64_86-win64>openssl s_client -showcerts -connect raw.githubusercontent.com:443
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
CONNECTED(00000234)
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = www.github.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = www.github.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=www.github.com
   i:/C=US/CN=CovenantEyesProxy (7601)
-----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgIJANqv+ni77dHOMA0GCSqGSIb3DQEBCwUAMDAxCzAJBgNV
BAYTAlVTMSEwHwYDVQQDDBhDb3ZlbmFudEV5ZXNQcm94eSAoNzYwMSkwHhcNMTcw
MzIzMDAwMDAwWhcNMjAwNTEzMTIwMDAwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMM
R2l0SHViLCBJbmMuMRcwFQYDVQQDEw53d3cuZ2l0aHViLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALcPFYAehXhy8NyT3ZnUjvaB3rb0SekNzvFM
9Y7ZRge/UnrOIkjZ3HEsjmoXPM7fx5FPeGKNS5UAm4uQolnwoOHB9wCqrpeOm0pv
JO6HC+5BjoZ+gDgKkbVvoZkyvPPun/9w/TxakT69ir3UORaflmYSHvfxKDHGtfhy
oQweleLmhdgk5ReTpyREnYfB+hUq8EJS9a76+phslbzE6UYrL3DgoENMebeFqeh0
rTaW5AxNdkLdFiBomrFrlAVKk+W120eJDX3ZejeGFdzZN8UmeOztx+nUwNecYool
jAAsR7P5ksAxasqeHJagOIReoDC+2U35WjLtjF7CxFmcCiqeLL0CAwEAAaOBrDCB
qTB7BgNVHREEdDBygg53d3cuZ2l0aHViLmNvbYIMKi5naXRodWIuY29tggpnaXRo
dWIuY29tggsqLmdpdGh1Yi5pb4IJZ2l0aHViLmlvghcqLmdpdGh1YnVzZXJjb250
ZW50LmNvbYIVZ2l0aHVidXNlcmNvbnRlbnQuY29tMAsGA1UdDwQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBACqi
hFU7D5Lbmx8249qBw1sU8Y7incbjIccUdl8vkHEj/5Uk5gX+B1N/fRsPUZKKPvD+
ViInRIXgSfZJOgiEfxgXIkR0vT2oLh5tIvWxe+F1W2K7JU8Wi1JnLBPtxM7UCXYW
PICFNLMls5yhXqE1tkQEH3CURhSdCmV6VZPH7goQtLNa4liFxS722YWagfwnC25n
4WzkuJ2GDE3rCQMYyNQ4qLDMuieZyiV1kh7q4K9uLdiB0xhsqapifQnmm+EnAgDZ
6HdliltfHOdztlKKvu+B2BfmzmGdOYv65th2DJ1wA/lZ7YjJtJIFuK8r0QnttrdD
PJqw7HDLBcTghKOm3b8=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=www.github.com
issuer=/C=US/CN=CovenantEyesProxy (7601)
---
No client certificate CA names sent
---
SSL handshake has read 1282 bytes and written 625 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: DBFCF50E9550802637CA202C79424FE31A0F7C5EB5041372D26E85AEC84FA546
    Session-ID-ctx:
    Master-Key: 98FF55F5957106714BA22A87E1789380B02640A39D7CD5785CD37E37AB0ED2EFDC060E39A83043FF1F9407378EDAF632
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - aa 73 df 11 cf 77 d9 ca-af 11 ab af 10 f3 72 ed   .s...w........r.
    0010 - 61 26 b8 b0 ab 57 00 c0-9d 43 2b 2d 58 f0 c8 5d   a&...W...C+-X..]
    0020 - 2b c4 f1 c0 f1 fe 54 97-47 02 83 93 53 40 72 86   +.....T.G...S@r.
    0030 - 5c f0 89 4b a4 6b 11 10-60 70 42 77 3a 52 e8 4c   \..K.k..`pBw:R.L
    0040 - 96 e9 3c a6 a8 d5 4c ae-62 ba 41 15 db 65 0c 4c   ..<...L.b.A..e.L
    0050 - b6 f0 f0 e3 87 e9 79 88-fd a9 68 15 51 a7 d8 93   ......y...h.Q...
    0060 - 78 99 53 fa 8c 33 2d 04-59 c5 f0 2e 99 1d d8 a9   x.S..3-.Y.......
    0070 - 9a 72 5b c4 5b 23 9e 2c-17 fd b0 8c eb e0 a0 c3   .r[.[#.,........
    0080 - 40 b6 04 e4 d2 65 e6 7d-74 21 fe de 76 53 62 b6   @....e.}t!..vSb.
    0090 - 05 09 b0 7e 04 07 f0 c5-ab 98 95 b3 93 46 88 ca   ...~.........F..

    Start Time: 1515363627
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 7, 2018

@bamaackbar Awesome turnaround time! I don't even need to run the JVM test because your OpenSSL log clearly shows what the problem is.

Just as with another user (see #2472 for all the details), it appears you are running behind a TLS proxy. That proxy injects a self-signed certificate into all HTTPS connections so it can intercept the (supposedly) secure traffic going between your client and the server. Unfortunately, that particular proxy software (CovenantEyes) does not appear to install its certificate in the Java truststore, and the result is that no Java application can validate TLS connections. (EDIT: It may install its certificate into a normal Java install [e.g. one installed via a download from Oracle], but it would have no idea about the bundled JREs used by TripleA. That may have been why the user in #2472 still experienced the problem after they installed the certificate: the target cacerts file they used may not have been part of the JRE used by TripleA but rather the "system" JRE.)

We tried resolving this with the user who reported it in #2472, but they unfortunately gave up on the task before we could confirm the resolution process worked. If you'd like to proceed, the next step would be to save a copy of the proxy's certificate and install it in the truststore for the JVM you are using. You can find my best attempt at instructions for doing this in this comment. Note that you must install the certificate into the cacerts file for the JVM TripleA is using, which according to your previous comment is located at c:\program files\common files\i4j_jres\1.8.0_144.

As mentioned in #2472, you also have the option of just uninstalling the proxy if you wish. If you installed TripleA to the C:\Program Files folder, as indicated above, then, most likely, you have sufficient permissions to uninstall the proxy, as well.

If you choose to install the proxy certificate, please feel free to ask for any clarification on the process. It would be great to get a confirmed resolution for this type of problem so that we can just point the next person who reports it to those steps.

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

I tried the procedure you recommended. I saved the CovenantEyes certificate from Firefox. I then copied the certificate to [C:\Program Files\Common Files\i4j_jres\1.8.0_144\lib\security]. I opened an admin cmd prompt, navigated to the ...lib\security location, and ran the keytool command [keytool -keystore cacerts -importcert -alias covenanteyes -file CovenantEyesProxy(7601).crt]. I then got the following response: "'keytool' is not recognized as an internal or external command,
operable program or batch file."

Thanks for your help. Happy to try other steps.

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

@bamaackbar Sorry, I should have clarified since you're using a bundled JRE... The keytool.exe file won't be on your PATH, so you'll have to provide the absolute path to this program. In that case, the command line you provided above will become:

"C:\Program Files\Common Files\i4j_jres\1.8.0_144\bin\keytool" -keystore cacerts -importcert -alias covenanteyes -file CovenantEyesProxy(7601).crt

I also forgot to mention that you should probably backup the cacerts file just in case. 😄

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

Okay, I ran the keytool.exe using the command. The response was "Enter keystore password." I tried entering numbers or letters but none of the keystrokes seemed to be accepted.

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

@bamaackbar Again, sorry for not filling in these missing bits; It's been a while since I looked at this problem. The default truststore password should be changeit. The password will not be echoed back to the screen, so you won't get any feedback until you press ENTER.

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

@ssoloff Thanks for that. I entered the password (twice) and the certificate was added to the keystore and I responded Y to the trust? prompt. I displayed the list of certificates and verified it is in the keystore.:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

covenanteyes, Jan 7, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 86:77:2D:D0:60:DA:63:6F:45:A2:F8:95:E3:F6:82:FC:B8:5C:B5:3D

Restart and try TripleA?

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

Your keystore contains 1 entry

@bamaackbar Hmm, that's strange. There should have been 100 or so entries prior to any change you made. Did you pass an argument to the -list command to filter it or something? If not, it's possible you imported the certificate into the wrong file.

Let me verify the 144 bundled JRE cacerts file is not empty for some reason.

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

I entered "keytool.exe -list -keystore cacerts" at the [C:\Program Files\Common Files\i4j_jres\1.8.0_144\bin>] command prompt. I had to enter the keystore password and then it displayed the text I posted above about 1 entry.
@ssoloff

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

Let me verify the 144 bundled JRE cacerts file is not empty for some reason.

I see 105 entries, so you should have 106 after adding the proxy certificate:

C:\Users\me\Downloads\windows-amd64-1.8.0_144\lib\security>keytool -keystore cacerts -list
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 105 entries

< ... snip ... >
@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

I entered "keytool.exe -list -keystore cacerts" at the [C:\Program Files\Common Files\i4j_jres\1.8.0_144\bin>] command prompt.

@bamaackbar Ah, it looks like you're in the wrong folder. The cacerts file is in lib/security not bin. Your previous run ended up creating a new file with a single entry. You're going to need to provide the full path to either keytool.exe or cacerts depending on which folder you run it from.

@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

Okay, I think I got it.

  1. From command prompt [C:\Program Files\Common Files\i4j_jres\1.8.0_144\bin>], ran "keytool.exe -keystore "C:\Program Files\Common Files\i4j_jres\1.8.0_144\lib\security\cacerts" -importcert -alias covenanteyes -file CovenantEyesProxy(7601).crt"
    Certificate was added after answering Y to trust? prompt
  2. Cacerts file now has 106 entries.
@bamaackbar

This comment has been minimized.

Copy link
Author

commented Jan 8, 2018

And TripleA works. @ssoloff Thanks for your help

@ssoloff

This comment has been minimized.

Copy link
Member

commented Jan 8, 2018

@bamaackbar Excellent! Thanks for slogging through these technical details. Now that we've confirmed a fix, it will be tremendously helpful to the next TripleA player who runs into a similar TLS proxy problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.