It's all about the answers!

Ask a question

RTC Login with Java API when RTC Server uses SSL Certificates

Tiago Fernandez (5341619) | asked Oct 09 '13, 5:31 p.m.


I have to login into our RTC server via java API,
I've been working first in a Sandbox RTC where login was successfull, but when I tried to move to the production RTC the login fails because that RTC uses ssl certificates to access.

So my question is how should be the code to login when RTC access has ssl certicates?

Following is part of the code I currently have (it is groovy) where first I check if URL is recheable and then performs the connection.
Thanks a lot for the help:

def loginRTC(repositoryUri, user, passwd, mon = null){

 println "\tChecking if specified address '" + repositoryUri + "' with provided user '" + user + "' and password '" + passwd + "' is reachable...."
 def resType = urlIsReachable(repositoryUri, 5000, user, passwd)
 println "\tResult Type is: " + resType.getClass()
 if(!(resType instanceof HttpURLConnection)){
  println "\tSpecified address is unreachable. It might be because that server is not up or specified credentials are incorrect or doesn't have sufficent permissons."
  return -1
  println "\tSpecified address is reachable."
 try {
  ITeamRepository repository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryUri)
  repository.registerLoginHandler(new ILoginHandler2() {
   public ILoginInfo2 challenge(ITeamRepository arg0) {
    return new UsernameAndPasswordLoginInfo(user, passwd)
  return repository
 catch (Exception e) {
     println "\tError message is: " + e.getCause() + ", String: " + e.getCause().toString()
  return -1

def urlIsReachable(Uri, timeout = 0, username = "", password = ""){
 def authString = (username + ":" + password).getBytes().encodeBase64().toString()

 def conn = Uri.toURL().openConnection()
 conn.setRequestProperty( "Authorization", "Basic ${authString}" )
 println "\tSetting timeout to: " + timeout
 println "\tNow the timeout is: " + conn.getConnectTimeout()
  //def objData = urlConnect.getContent()
  println "\tresponse Code is: " + conn.responseCode
  if(conn.responseCode == 200) {
   println "\tConnection was successful...."
   return conn
  }else if(conn.responseCode == 401) {
   println "\tConnection was unauthorized...."
   return "UNAUTHORIZED"
  }else {
   println "\tConnection result was other...."
   return "OTHER"
 } catch (Exception e) {             
        println "\tError message is: " + e.getMessage()
        return "UNREACHABLE"

Joseph Mao commented Oct 09 '13, 9:14 p.m.

Did you add SSL certificate into your <JAVA_HOME>/lib/security/cacerts file? 

Tiago Fernandez commented Oct 10 '13, 8:45 p.m.

Thanks a lot for the comment.
I could figure out a solution similar but adding the certificate in another path.
I will detail the explanation in the following response.

Thank you very much.

One answer

permanent link
Tiago Fernandez (5341619) | answered Oct 10 '13, 9:25 p.m.
edited Oct 10 '13, 9:30 p.m.

I could find a solution that works for my case:

My script is a groovy script which is run by an application under tomcat. This script tries to connect into RTC but the RTC server has self SSL Certicates.
So first I got the certificate from the Firefox Mozila and then I used the keytool (Java tool) to import that certificate into a custom certificate database named for example 'certificateDatabaseRtcTomcat.jks'.
The command I run is:
keytool -import -trustcacerts -alias <any alias> -file <path to the certificate> -keystore certificateDatabaseRtcTomcat.jks

After that, I added the value as part of the CATALINA_OPTS in the tomcat/bin/
It is something like that:
Of course, then restart the Tomcat.

After this, my application when run the groovy script, it can connect successfully to the RTC Server with SSL Certificate.


PS: Also as Joseph Mao mentioned in the prior comment, maybe the certificate could be imported directly to the Java database certificate <JAVA_HOME>/lib/security/cacerts instead of a custom database certificate as I did, with that maybe it would not be necessary to specify the path in the CATALINA_OPTS of tomcat, since <JAVA_HOME>/lib/security/cacerts is the default one.

Your answer

Register or to post your answer.