Security Certificates
having upgraded to RTC 2.0 I am having problems with security certificates.
In terms of the certs and configuration there is no difference between v1 and v2 in that the cert is set to "localhost" rather than machine-name. But whereas logging to user-name on server-name happens automatically in v1, with v2 there is a problem with cert in that it does not match the machine name - which is true - server-name is a different word to localhost. The manual has a section on this and I have used ikeyman to create a new cert with server-name but still get the same problem. I am not that knowledgeable about security certs. I have seen a few other posts on this. I would like to know why this is a problem in V2 and yet V1 works OK when the configuration is the same. I can log into the repository using localhost but then I lose my work re user0name@server-name. The workarouds are to switch off security - would prefer to avoid that at the monent - or accept the certificate for the session, which works but is clunky. Many thanks. |
8 answers
https://bugs.eclipse.org/bugs/show_bug.cgi?id=214807
|
norricorp wrote:
having upgraded to RTC 2.0 I am having problems with security Hi, There are two different warning messages you can get regarding an invalid security certificate: 1 - The certificate is only valid for localhost. You can solve this one by creating a new certificate (which you have done). 2 - The certificate is self-signed. You must obtain a real certificate to solve this one. Now that you have created a self-signed certificate, does the error message displayed by the Eclipse client still complain about an incorrect server name? If so, something must have gone wrong with your creation/installation of your new self-signed security certificate. But the error dialog that reads "The certificate does not appear to be signed by a trusted certificate authority" will remain until you obtain a real certificate. I'm pretty sure that RTC 1.0 had the same requirements. There were a few early milestones where the RTC client did not validate that the server's certificate was not self-signed, but I'm pretty sure that problem was fixed by 1.0 GA. Thanks, Craig Chaney Jazz server team I have seen a few other posts on this. I would like to know why this |
|
Craig,
yes, I now get "the certificate does not appear to be signed by a trusted certificate authority" so looks like I need a real certificate. Having said that it does give me the option to accept the certificate permanently. It is interesting that despite an identical set of files and cert, my RTC 1.0.1 set up works fine. And I did not need to create a new certificate. I wonder if it is because I used my database from the earlier release which had the connections recorded? I would like to know why this error is appearing. But the important thing is that by accepting the new certificate permanently I no longer get the error dialog so that OK. Many thanks for your help. (Now to get the subversion integration working .....) John |
This only happens with upgraded installations. I have two RTC servers at
V2.0: one is upgraded and the other is a new install. This only happens with the upgraded server. "norricorp" <john> wrote in message news:h2kjhs$nic$1@localhost.localdomain... having upgraded to RTC 2.0 I am having problems with security |
We have the same issue. When I tried to login using RTC client I got the same message (Accept this certificate permanently). Once the client choose that choice, it's gone.
First, I create a new keystore file and add our company's Root and Intermediate CA Certificates. And after that I could successfully install the SSL certificate that was issued for RTC server. When I browse Jazz site via IE, there is no problem with the server certificate. All certificate chain seems valid, everything is ok. But using RTC client and tried to login I got that message. Any information would be helpful to get rid of this message without choosing permanent acception. We are using RTC 2.0.0.1 Regards, Seydim |
We have the same issue. When I tried to login using RTC client I got the same message (Accept this certificate permanently). Once the client choose that choice, it's gone. Hi Seydim, I have also the same problems. Actually, I migrated Jazz Team Server from Tomcat to WAS 7.0. While I was using tomcat, I created self-signed security certificate with keytool command inside of jazz server\jre\bin folder, after that I got message about accepting the certificate permanently, and I haven't got that message any more when starting RTC eclipse workspace. Now, I get that message always when starting RTC client on WAS, and don't know yet how to solve it! If you need help about setting the certificate for Tomcat, I can help you! Regards, milan |
milan.krivic@apis-it-dot-hr.no-spam.invalid (milan.krivic) wrote in
news:he71bh$12j$1@localhost.localdomain: Now, I get that message always when starting RTC client on WAS, and Which message ? is it that the server does not match the certificate and/or is this that the certificate is not trusted ? Which certificate is presented to you ? What is the name ? If you setup WAS, you need to enter the certificate in the WAS keystore. Did you configure it ? IF so, can you do a keytool -list to see the certificates ? -- Christophe Elek Jazz L3 IBM Software Group - Rational |
Hi, I'm getting same problem and I'm using RTC 3.0 already.
I believe the message is the certificate is not trusted. My main problem is that I'm doing a development on a Web application hosted by WAS using SSL. The login code to RTC will not work because it keep saying that it cannot communicate with my Jazz server because the certificate is not trusted (even though I have the personal signed certificate)... Now, "permanently accept the certificate through browser" as mentioned above works for trying to access the Jazz web...however, I cannot "permanently accept" the certificate through the Jazz SDK... and Yes, I have already added the self-signed certificate into my WAS's keystores...so currently running out of options. Any help is appreciated. Thanks. milan.krivic@apis-it-dot-*.no-spam.invalid (milan.krivic) wrote in Now, I get that message always when starting RTC client on WAS, and Which message ? is it that the server does not match the certificate and/or is this that the certificate is not trusted ? Which certificate is presented to you ? What is the name ? If you setup WAS, you need to enter the certificate in the WAS keystore. Did you configure it ? IF so, can you do a keytool -list to see the certificates ? -- Christophe Elek Jazz L3 IBM Software Group - Rational |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.