Certificate issue while installing Temurin-17

[Sekharz]

Hi Team,

I followed the instructions here to install temurin-*-jdk(s) in a debian:stable-slim docker image and I have been getting the below error messages:

When using wget:

root@82f5dbc5e166:~# wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null
gpg: no valid OpenPGP data found.

And when using curl to save the gpg key it succeeds but when I go for a apt update I get the below error:

root@82f5dbc5e166:~# apt update
Ign:1 https://packages.adoptium.net/artifactory/deb bookworm InRelease
Hit:2 http://deb.debian.org/debian stable InRelease
Ign:1 https://packages.adoptium.net/artifactory/deb bookworm InRelease
Hit:3 http://deb.debian.org/debian stable-updates InRelease
Hit:4 http://deb.debian.org/debian-security stable-security InRelease
Ign:1 https://packages.adoptium.net/artifactory/deb bookworm InRelease
Err:1 https://packages.adoptium.net/artifactory/deb bookworm InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.155.42 443]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch https://packages.adoptium.net/artifactory/deb/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.155.42 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.

And then when I get to apt install temurin-17-jdk I get the below as expected.

root@82f5dbc5e166:~# apt install temurin-17-jdk
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package temurin-17-jdk

Any help on fixing the certificate issue?

[sxa]

Not sure if this was a temporary glitch but I'm unable to reproduce it:

sxa@fedora:~$ podman run -it debian:stable-slim
root@5970c9483397:/# apt-get update && apt install wget gpg
[...]
root@5970c9483397:/# wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null
root@5970c9483397:/# 

The apt install temurin-17-jdk seems ok in that container on my system. Are you still experiencing a problem with this?

[karianna]

@Sekharz ^^

[feliperoos]

I'm having same issue in Ubuntu WSL. I'm behind a proxy, though.

root@felipe:/home/felipe#  wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null
gpg: no valid OpenPGP data found.
root@felipe:/home/felipe#

if I try to wget it

root@felipe:/home/felipe# wget https://packages.adoptium.net/artifactory/api/gpg/key/public
--2024-11-01 10:01:31--  https://packages.adoptium.net/artifactory/api/gpg/key/public
Resolving packages.adoptium.net (packages.adoptium.net)... 104.18.20.66, 104.18.21.66, 2606:4700::6812:1542, ...
Connecting to packages.adoptium.net (packages.adoptium.net)|104.18.20.66|:443... connected.
ERROR: cannot verify packages.adoptium.net's certificate, issued by ‘CN=Zscaler Intermediate Root CA (zscalerthree.net) (t)\\ ,OU=Zscaler Inc.,O=Zscaler Inc.,ST=California,C=US’:
  Unable to locally verify the issuer's authority.
To connect to packages.adoptium.net insecurely, use `--no-check-certificate'.

Maybe proxy is getting in the middle? Any tips on how to handle that?