I ran into some trouble with the Android SDK on a freshly installed Ubuntu Server 14.12 with OpenJDK due to an empty Java CA certificates keystore. Both version 7 and 8 of OpenJDK seemed to be affected. A fix is described below.

Whenever I fired up the android tool in the SDK to install additional components, it failed to download repository data from Google’s server and instead showed these errors:

    Fetching https://dl-ssl.google.com/android/repository/addons_list-2.xml
    Failed to fetch URL https://dl-ssl.google.com/android/repository/addons_list-2.xml, reason: peer not authenticated
    Fetched Add-ons List successfully
    Fetching URL: https://dl-ssl.google.com/android/repository/repository-10.xml
    Failed to fetch URL https://dl-ssl.google.com/android/repository/repository-10.xml, reason: SSLPeerUnverified peer not authenticated
The source of the problem turned out to be an empty Certificate Authority keystore. Somehow dpkg seems to try to build the Java keystore (/etc/ssl/certs/java/cacerts) before it actually installs Java, which the tool to build the store requires. The result is an empty store:

    root@gl:/etc/ssl/certs/java# keytool -list -keystore cacerts
    Enter keystore password:
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 0 entries
Note: the default password for the keystore is “changeit”.
Fix: To properly build the keystore with all trusted CA certificates, run this:
    root@gl:~# rm /etc/ssl/certs/java/cacerts
    root@gl:~# /var/lib/dpkg/info/ca-certificates-java.postinst configure
You should see a long list of added certificates (*.pem) and finally a “done”.
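To catch the same condition on other hosts, or to confirm the rebuild worked, the check below parses `keytool -list` output and flags an empty store. It is an added example, not part of the original post: the function names and the 173-entry sample are constructed, and it assumes keytool's English output and the default "changeit" password.

```shell
#!/bin/sh
# Added example: detect an empty Java CA keystore from `keytool -list` output.
# Function names are this example's own; path and password come from the post.

CACERTS=/etc/ssl/certs/java/cacerts

# Constructed sample outputs (the first mirrors the empty store shown above).
SAMPLE_EMPTY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 0 entries'
SAMPLE_OK='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 173 entries'

# Read keytool output on stdin and print the entry count.
# Returns 1 (printing nothing) when no count line is present,
# e.g. when keytool reported an error instead of a listing.
keystore_entry_count() {
    count=$(sed -n 's/^Your keystore contains \([0-9][0-9]*\) entr.*/\1/p' | head -n 1)
    [ -n "$count" ] || return 1
    printf '%s\n' "$count"
}

# Classify keytool output read on stdin: "empty", "ok" or "unreadable".
keystore_status() {
    if count=$(keystore_entry_count); then
        if [ "$count" -eq 0 ]; then echo empty; else echo ok; fi
    else
        echo unreadable
    fi
}

# Run the check against the real keystore (needs keytool on PATH).
check_java_cacerts() {
    LC_ALL=C keytool -list -keystore "$CACERTS" -storepass changeit 2>&1 | keystore_status
}

# Only touch the system when explicitly asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    status=$(check_java_cacerts)
    echo "$CACERTS: $status"
    [ "$status" = ok ] || exit 1
fi
```

Run with `--check` it exits non-zero for an empty or unreadable store, so it can gate a provisioning step before any Java tool attempts an HTTPS download.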