Certificate issues after publishing

Hi, I recently attempted to publish an API to a remote server that utilizes the Auth0 API (Java Jersey API). After publishing, I am able to authenticate via username and password and I receive a token. When I attempt to pass that token back to the API to perform other tasks, I get the below (screenshot error). I’ve gone to your site and added the certificate from the (Application → Advanced Settings → Certificates tab) and added it to my remote server. I have also generated a token from the “.auth0.com/.well-known/jwks.json” space and the general auth0.com space. I still receive the same error. What should I be doing to resolve this issue?

It seems that the environment running the app doesn’t recognize the root Certificate Authority for the certificate, as described here.

Here’s the info on the issuer of the Root CA for the auth0.com domain:

You should be able to download the Root CA PEM for Amazon Root CA 1 from here.

Hi, and thank you for your speedy response. I downloaded and ran the cert from the Amazon page (both .cer and .pem). I installed them using the keytool command.

keytool -import -trustcacerts -file C:\AmazonRootCA1.cer -alias Auth0_Official -keystore "c:\Program Files\Java\jre1.8.0_211\lib\security\cacerts"

I then checked the cacerts file for the newly added certificate using (“keytool -v -list -keystore cacerts”) and I got the information below. I’m still receiving the same error when I call the API.



Alias name: auth_official
Creation date: Dec 5, 2019
Entry type: trustedCertEntry

Owner: CN=Amazon Root CA 1, O=Amazon, C=US
Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca
Valid from: Mon May 25 19:00:00 CDT 2015 until: Sat Jan 16 18:00:00 CST 2038
Certificate fingerprints:
MD5: 43:C6:BF:AE:EC:FE:AD:2F:18:C6:88:68:30:FC:C8:E6
SHA1: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
SHA256: 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 84 18 CC 85 34 EC BC 0C 94 94 2E 08 59 9C C7 B2 …4…Y…
0010: 10 4E 0A 08 .N…
]
]

I don’t know if this applies to your app, but did you try restarting your Java service that’s using the reconfigured JVM after adding the Root CA?

Just tried stopping and starting the web server. No luck, I’m afraid. Same error.

I also just rebooted the server. Still no change.

Any chance you have multiple Java versions? I recall it’s also possible to specify a different trust store in code or at run-time, so that’s worth checking as well.

If you mean JDK installations, yes (see screenshot). I performed the installation task on the jre.x and the jdk1.8, but not the 12.0.1. I can try it on the 12.x, but as far as uninstalling anything, I’d have to speak with another developer to see which is being utilized.

Is there any setting for Auth0 that I need to configure/set?

The different runtimes should be able to coexist relatively happily, it’s just a matter of updating the trust store for the runtime that executes your code.

There isn’t a setting on the Auth0 side that would affect this–this sounds like it’s entirely on the client side. Are you making any progress here?

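A way to check which runtime and trust store the code is actually using, as an added example that is not part of the thread or of Auth0's documentation: the class name `TrustStoreCheck` is hypothetical, and the expected fingerprint is the SHA256 value from the keytool listing posted above.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic: reports the JVM in use, the trust store it resolves to,
// and whether Amazon Root CA 1 is among the CAs that JVM trusts by default.
public class TrustStoreCheck {
    // SHA-256 fingerprint from the keytool listing in the thread, colons removed.
    static final String EXPECTED =
        "8ECDE6884F3D87B1125BA31AC3FCB13D7016DE7F57CC904FE1CB97C6AE98196E";

    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + home);
        // Non-null means a custom store overrides the default; otherwise JSSE uses
        // lib/security/jssecacerts if it exists, then lib/security/cacerts.
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("default cacerts = "
            + new File(home, "lib/security/cacerts").getAbsolutePath());

        // A null KeyStore makes the factory load this JVM's default trust store.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        boolean found = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (EXPECTED.equals(sha256Hex(ca))) {
                    found = true;
                    System.out.println("Trusted: " + ca.getSubjectX500Principal().getName());
                }
            }
        }
        System.out.println(found ? "Amazon Root CA 1 is in the effective trust store"
                                 : "Amazon Root CA 1 is NOT trusted by this runtime");
    }
}
```

The result is only meaningful when the class is run with the same `java` binary and the same `-D` options as the web server; a trust store that the application loads in its own code will not show up in this check.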