Extensions Download - unable to find valid certification path

Hey guys,

I’m having some issues downloading extensions in the xwiki extension manager.
When i try to install any extension it says its unable to find a valid certification path.

I also have the Active Directory extension installed and conigured.
I dont know wether it has anything todo with it, but I had to import my own internal CA cert to the jssecerts keystore like mentioned on the bottom of this site:
Use cases of configuration to authenticate users with LDAP (XWiki.org)

Here is the full error message attached, as its very long:
extension download error.txt (79.3 KB)

Which exact version of Java are you using ? This is the kind of error you can get with a very old version of Java 8 for example because it does not know Let's Encrypt certificates.

When i run java --version on the Servers console I get the following Version:

openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-post-Debian-1deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.11+9-post-Debian-1deb10u1, mixed mode, sharing)

I was able to fix the problem:

In the XWiki Docomentation I read that LDAPS authentication needs the internal CA Certificate importet to the Java Certificate Store.

Maybe i misunderstood the documentation, so I manually created the “jssecacerts” store in "/usr/lib/jvm/java-11-openjdk-amd64/lib/security". So the manually created certstore “jssecacerts” only provided my own internal CA Certificate.

I know deleted the jssecacerts file and importet my internal CA Cert into the "/etc/ssl/certs/java/cacerts" keystore.

Now LDAPS is working and im able to download Extensions again.

There is no relationship between LDAP or your internal certificate and your error which was that XWiki could not access https://extensions.xwiki.org/xwiki/rest/repository/extensions/com.xwiki.diagram%3Aapplication-diagram/versions/1.16 because it does not know the certificate.