How to create RTC build engine with Jenkins using SSL


Dan Clark (1824) | asked Sep 17 '14, 2:17 p.m.
When configuring the build engine in RTC I input the https address of the Jenkins server. When I go to test the connection I get an SSL handshake error (listed below). I think this is because I have to configure the RTC server, or WebSphere on the RTC server, to accept the certificate and the CA. Does anyone have any suggestions or links to articles on how to configure SSL properly so the build engine and build will work with SSL?

Connection test requested.
    Connecting to: https://host.com/jenkins
    Exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Test connection FAILED!

Accepted answer


Brett Waldo (951220) | answered Sep 17 '14, 9:41 p.m.
So, I work with the OP and after a bunch of hours tracking this down, I eventually found the issue was that the Jenkins server's Apache configuration was using SSLv3. Commenting that out and using only v2 fixed the issue. There are possibly other ways to fix the issue but that is well beyond my skills.

I figure one of these has a bug, or an incompatibility with SSL v3:
Eclipse Luna
RTC eclipse plugin v5.0.1
Websphere 8.5
Java 1.7u65
Jenkins 1.551
Apache 2.2.15
openssl-1.0.1e
mod_ssl-2.2.15


Dan Clark selected this answer as the correct answer

Comments
Dan Clark commented Sep 17 '14, 9:55 p.m.

That fixed the problem. As soon as I disabled SSLv3 the whole thing worked. I can even check "Validate HostName"

Perhaps this should be filed as a bug against RTC? or is this just an issue with SSL in general?


Nick Edgar commented Sep 18 '14, 9:24 a.m.
JAZZ DEVELOPER

Good to hear, and thanks for letting us know. The H/J integration in RTC currently uses Java's HttpURLConnection obtained via URL.openConnection(), with an "allow all" host name verifier set if "Validate Hostname" is unchecked. So I suspect it's an issue with Java itself. As per this post, you could try adding -Dhttps.protocols=SSLv3 to the startup options for the RTC server.
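
Added example, not part of the original thread and not RTC or Jenkins code: a small probe that lists the protocol versions a JVM supports and enables, then attempts one handshake per version against a server, so a protocol mismatch can be told apart from a certificate trust failure. The class name `TlsProbe` and the 5-second timeouts are assumptions; run it with the same Java runtime the RTC server uses, passing the host under test.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name), not RTC or Jenkins code.
// Usage: java TlsProbe <host> [port]
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // What this JVM can speak versus what it offers by default.
        System.out.println("supported: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        // HttpsURLConnection additionally honours this property when it is set.
        System.out.println("https.protocols = " + System.getProperty("https.protocols"));
        if (args.length == 0) return; // no host given: report local settings only

        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        for (String proto : ctx.getSupportedSSLParameters().getProtocols()) {
            if (proto.equals("SSLv2Hello")) continue; // a hello format, cannot be enabled alone
            System.out.println(proto + ": " + probe(ctx, host, port, proto));
        }
    }

    // Attempts one handshake restricted to a single protocol version.
    static String probe(SSLContext ctx, String host, int port, String proto) {
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), 5000);
            plain.setSoTimeout(5000);
            try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(plain, host, port, true)) {
                tls.setEnabledProtocols(new String[] { proto });
                tls.startHandshake(); // certificate checks use the JVM's default trust store
                return "OK, cipher " + tls.getSession().getCipherSuite();
            }
        } catch (Exception e) {
            // Protocol mismatches and untrusted certificates surface with different messages.
            return "FAILED (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }
}
```

A version that fails with a handshake alert while others succeed points at protocol configuration on one side; a certificate path error on every version points at the trust store instead.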

One other answer



Nick Edgar (6.5k711) | answered Sep 17 '14, 2:46 p.m.
JAZZ DEVELOPER
Hi Dan, some things to check:
- can you connect to https://host.com/jenkins in a browser on the same machine running the RTC server?
- is it missing a port setting?
- does host.com have a valid certificate?
- if you uncheck 'Validate Hostname' in the build engine editor, does test connection work?


Comments
Nick Edgar commented Sep 17 '14, 2:48 p.m.
JAZZ DEVELOPER

If it works with Validate Hostname unchecked, but you want to run with it checked, then you may need to import the certificate. See first answer here.



Dan Clark commented Sep 17 '14, 3:00 p.m.

Nick, Thanks for your quick response. To answer your questions:

- Yes, I can open a browser on the host running RTC and connect to https://host.com/jenkins
- I don't see anywhere that I need to add an additional port setting. I'm using the default https port 443
- Host.com has a certificate generated by my company using my company's RootCA certificate.
- Unchecking "Validate Hostname" has no effect on the error

Also, using the direct IP address of the host instead of the hostname has no effect on the error.
