Hi all,
I've recently installed and LE cert to an openLDAP server I am running. I run two instances of Sonatype Nexus and I use LDAP authentication for both (which was working previously with a different CA cert). The configuration for both as far as LDAP auth is identical; however one is working and one is not.
I sucessfully imported the LE root certs to keystores on both machines. However, when I test the connection on the second one, I get a message stating:
"There is an error communicating with the server.Failed to connect to Ldap Server: simple bind failed: ldap.mydomain.com:636
Nexus returned an error: ERROR 400: Bad Request
Checking the logs, there are a bunch of what look like Java/cert related errors (I'm no Java expert but have managed to import to the keystore which is obviously pretty straightforward).
2016-06-08 08:46:34,367+0100 DEBUG [qtp365319977-46] admin org.sonatype.nexus.security.ldap.realms.test.api.LdapTestAuthenticationPlexusResource - Failed to connect to Ldap Server.
javax.naming.CommunicationException: simple bind failed: ldap.mydomain.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_91]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_91]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_91]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_91]
at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:154) ~[na:1.8.0_91]
at org.sonatype.security.ldap.realms.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:254) ~[na:na]
at org.sonatype.security.ldap.realms.DefaultLdapContextFactory.getSystemLdapContext(DefaultLdapContextFactory.java:239) ~[na:na]
at org.sonatype.security.ldap.dao.DefaultLdapConnectionTester.testConnection(DefaultLdapConnectionTester.java:53) ~[na:na]
at org.sonatype.nexus.security.ldap.realms.test.api.LdapTestAuthenticationPlexusResource.put(LdapTestAuthenticationPlexusResource.java:103) ~[na:na]
at org.sonatype.plexus.rest.resource.RestletResource.storeRepresentation(RestletResource.java:299) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.sonatype.nexus.rest.NexusRestletResource.storeRepresentation(NexusRestletResource.java:91) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.resource.Resource.put(Resource.java:706) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.resource.Resource.handlePut(Resource.java:603) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Finder.handle(Finder.java:359) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Router.handle(Router.java:504) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.sonatype.plexus.rest.RetargetableRestlet.doHandle(RetargetableRestlet.java:36) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.StatusFilter.doHandle(StatusFilter.java:130) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.ChainHelper.handle(ChainHelper.java:124) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.application.ApplicationHelper.handle(ApplicationHelper.java:112) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Application.handle(Application.java:341) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Router.handle(Router.java:504) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.doHandle(Filter.java:150) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Filter.handle(Filter.java:195) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Router.handle(Router.java:504) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.ChainHelper.handle(ChainHelper.java:124) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Component.handle(Component.java:676) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.restlet.Server.handle(Server.java:331) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.ServerHelper.handle(ServerHelper.java:68) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.http.HttpServerHelper.handle(HttpServerHelper.java:147) [nexus-restlet1x-plugin-2.12.0-01/:na]
at com.noelios.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:881) [nexus-restlet1x-plugin-2.12.0-01/:na]
at org.sonatype.nexus.restlet1x.internal.RestletServlet.service(RestletServlet.java:93) [nexus-restlet1x-plugin-2.12.0-01/:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet-3.0.0.v201112011016.jar:na]
at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:288) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:278) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [guice-servlet-3.1.10.jar:3.1.10]
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [shiro-web-1.2.3.jar:1.2.3]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:82) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:82) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) [guice-servlet-3.1.10.jar:3.1.10]
at com.sonatype.nexus.analytics.internal.RestRequestCollector.doFilter(RestRequestCollector.java:81) [nexus-analytics-plugin-2.12.0-01/:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.2.3.jar:1.2.3]
at org.sonatype.nexus.web.internal.SecurityFilter.executeChain(SecurityFilter.java:90) [nexus-core-2.12.0-01.jar:2.12.0-01]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:82) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) [guice-servlet-3.1.10.jar:3.1.10]
at com.yammer.metrics.web.WebappMetricsFilter.doFilter(WebappMetricsFilter.java:76) [metrics-web-2.2.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:69) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:71) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:66) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.10.jar:3.1.10]
at org.sonatype.nexus.web.internal.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:82) [nexus-core-2.12.0-01.jar:2.12.0-01]
at org.sonatype.nexus.web.internal.NexusGuiceFilter$MultiFilterPipeline.dispatch(NexusGuiceFilter.java:56) [nexus-core-2.12.0-01.jar:2.12.0-01]
at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:132) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:129) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:206) [guice-servlet-3.1.10.jar:3.1.10]
at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:129) [guice-servlet-3.1.10.jar:3.1.10]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1476) [jetty-servlet-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) [jetty-servlet-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [jetty-servlet-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at com.yammer.metrics.jetty.InstrumentedHandler.handle(InstrumentedHandler.java:200) [metrics-jetty-2.2.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [jetty-http-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [jetty-http-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) [jetty-io-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) [jetty-io-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_91]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_91]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_91]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) ~[na:1.8.0_91]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) ~[na:1.8.0_91]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.8.0_91]
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) ~[na:1.8.0_91]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426) ~[na:1.8.0_91]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) ~[na:1.8.0_91]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) ~[na:1.8.0_91]
... 138 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352) ~[na:1.8.0_91]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249) ~[na:1.8.0_91]
at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_91]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_91]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[na:1.8.0_91]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_91]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[na:1.8.0_91]
... 151 common frames omitted
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) ~[na:1.8.0_91]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:219) ~[na:1.8.0_91]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[na:1.8.0_91]
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[na:1.8.0_91]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[na:1.8.0_91]
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ~[na:1.8.0_91]
... 157 common frames omitted
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Apr 22 00:59:59 BST 2016
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) ~[na:1.8.0_91]
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) ~[na:1.8.0_91]
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190) ~[na:1.8.0_91]
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) ~[na:1.8.0_91]
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ~[na:1.8.0_91]
... 162 common frames omitted
Sorry I included so much but I wanted to capture all the errors and I'm at my wits end, have spent days on this. Does anyone have any suggestions?