It's all about the answers!

Ask a question

How to create RTC build engine with Jenkins using SSL

Dan Clark (1824) | asked Sep 17 '14, 2:17 p.m.
When configuring the build engine in RTC I input the https address of the jenkins server. When I go to test the connection I get an SSL handshake error (listed below). I think this is because I have to configure the RTC server, or WebSphere on the RTC server, to accept the certificate and the CA. Does anyone have any suggestions or links to articles on how to configure ssl properly so the build engine and build will work with SSL?

Connection test requested.
    Connecting to:
    Exception: Received fatal alert: handshake_failure
    Test connection FAILED!

Accepted answer

permanent link
Brett Waldo (1101521) | answered Sep 17 '14, 9:41 p.m.
 So, I work with the OP and after a bunch of hours tracking this down, I eventually found the issue was the jenkins server apache configuration was using SSLv3. Commenting that out and using only v2 fixed the issue. There are possibly other ways to fix the issue but that is well beyond my skills.

I figure one of these has a bug, or an incompatiblity with SSL v3:
Eclipse Luna
RTC eclipse plugin v5.0.1
Websphere 8.5
Java 1.7u65
Jenkins 1.551
Apache 2.2.15

Dan Clark selected this answer as the correct answer

Dan Clark commented Sep 17 '14, 9:55 p.m.

That fixed the problem. As soon as I disabled SSLv3 the whole thing worked. I can even check "Validate HostName"

Perhaps this should be filed as a bug against RTC? or is this just an issue with SSL in general?

Nick Edgar commented Sep 18 '14, 9:24 a.m.

Good to hear, and thanks for letting us know. The H/J integration in RTC currently uses Java's HttpURLConnection obtained via URL.openConnection(), with an "allow all" host name verifier set if "Validate Hostname" is unchecked. So I suspect it's an issue with Java itself. As per this post, you could try adding -Dhttps.protocols=SSLv3 to the startup options for the RTC server.

One other answer

permanent link
Nick Edgar (6.5k711) | answered Sep 17 '14, 2:46 p.m.
Hi Dan, some things to check:
- can you connect to in a browser on the same machine running the RTC server?
- is it missing a port setting?
- does have a valid certificate?
- if you uncheck 'Validate Hostname' in the build engine editor, does test connection work?

Nick Edgar commented Sep 17 '14, 2:48 p.m.

If it works with Validate Hostname unchecked, but you want to run with it checked, then you may need to import the certificate. See first answer here.

Dan Clark commented Sep 17 '14, 3:00 p.m.

Nick, Thanks for your quick response. To answer your questions:

- Yes, I can open a browser on the host running RTC and connect to
- I don't see anywhere that I need to add an additional port setting. I'm using the default https port 443
- has a certificate generated by my company using my company's RootCA certificate.
- Unchecking "Validate Hostname" has no effect on the error

Also, using the direct IP address of the host instead of the hostname has no effect on the error.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.