2015/04/26

Fixing Certificate Issue for Minecraft under Ubuntu

The Minecraft game on one of my Ubuntu pc's suddenly failed to start. After some digging into the logs, it became clear that the minecraft servers use a new certificate that can't be validated by the java cacerts file on my Ubuntu 14.10 installation.

Luckily, the solution is simple. Open a terminal and execute the following commands
  • echo -n | openssl s_client -connect libraries.minecraft.net:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/minecraft.crt 
  • sudo keytool -import -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -alias mycert -file /tmp/minecraft.crt 
The first command retrieves the certificate from libraries.minecraft.net, the second imports it into the java certificate store.

reference: http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail

Detailed error log before the fix:
  [20:52:56 WARN]: Couldn't download https://libraries.minecraft.net/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar for job 'Version & Libraries'
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_45]
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) ~[?:1.8.0_45]
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_45]
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_45]
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) ~[?:1.8.0_45]
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) ~[?:1.8.0_45]
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_45]
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_45]
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) ~[?:1.8.0_45]
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) ~[?:1.8.0_45]
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ~[?:1.8.0_45]
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_45]
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) ~[?:1.8.0_45]
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_45]
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) ~[?:1.8.0_45]
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) ~[?:1.8.0_45]
 at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[?:1.8.0_45]
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ~[?:1.8.0_45]
 at com.mojang.launcher.updater.download.ChecksummedDownloadable.download(ChecksummedDownloadable.java:49) ~[launcher_mcpatched.jar:?]
 at com.mojang.launcher.updater.download.DownloadJob.popAndDownload(DownloadJob.java:109) [launcher_mcpatched.jar:?]
 at com.mojang.launcher.updater.download.DownloadJob.access$000(DownloadJob.java:12) [launcher_mcpatched.jar:?]
 at com.mojang.launcher.updater.download.DownloadJob$1.run(DownloadJob.java:86) [launcher_mcpatched.jar:?]
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_45]
 at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_45]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_45]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_45]
 at java.lang.Thread.run(Thread.java:745) [?:1.8.0_45]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:1.8.0_45]
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_45]
 at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_45]
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ~[?:1.8.0_45]
 ... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145) ~[?:1.8.0_45]
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) ~[?:1.8.0_45]
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_45]
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_45]
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_45]
 at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_45]
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_45]
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ~[?:1.8.0_45]
 ... 22 more
[20:52:56 ERROR]: Gave up trying to download https://libraries.minecraft.net/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar for job 'Version & Libraries'
[20:52:56 ERROR]: Job 'Version & Libraries' finished with 31 failure(s)! (took 0:00:02.233)