CRJAZ0099E An HTTP error occurred when this URL was being accessed
Hello Team,
CRJAZ0099E An HTTP error occurred when this URL was being accessed: /ccm/versionCompatibility?clientVersion=6.0.2. Error details: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=CDRoot-AD-Root-CA, EMAILADDRESS=cdroot_pki@chrysler.com, OU=ITI/NC, O=Chrysler LLC, L=Auburn Hills, ST=Michigan, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error.</pre>
2 answers
The SSL exception is quite typical. To resolve the issue, you need to import the certificates of entire certificate chain, that is, the certificate you are receiving, its issuer's certificate, its issuer's issuer's certificate, and etc, down to the root certificate. The correct terms for them are, personal certificate, intermediate certificates and root certificate. If you search "certificate chaining error", you will get lots of hits.
You did not say how you run the plugin, so I cannot tell you exactly how to import the certificates. Usually, you need to import them into the truststore of the JRE that runs your plugin (or any Java applications involved).
Comments
Thank You very much Donald!!!
That's interesting. Assuming that the JTS server where your plugin is deployed to, and the CCM server that you are trying to connect to, are in the same deployment, they should already be configured in a way that SSL connections can be established between them. Is it not the case?
The steps for exporting/importing SSL keys depend on the application server in use. If WAS, they are similar to those outlined in the section of "
Setup SSL Handshake between the WAS profiles and IHS"
https://jazz.net/wiki/bin/view/Deployment/ConfigureCLMEnterpriseReverseProxy
Basically, you export the personal certificate from the server that you are trying to connect to, and import it into the truststore/keystore of the server where the SSL connection is initiated.
Hi Donald,
Comments
I'm a bit lost. Which part are you referring to? CA-signed or self-signed - it does not matter. As long as the SSL client does not recognize/accept the SSL certificate sending from the SSL server, the SSL connection will fail to establish. The function relying on the SSL connection will therefore fail.
If the error just randomly appears, in other words, the SSL connection sometimes works, sometime not, then it's a different issue.
My comment was about the setup. Pankaj was this a client side plugin or a server side plugin? Since RTC has no issues communicating with JTS I would imagine the certs should not play a role....
Hello Donald & Sudhir,
ITeamRepository repo = TeamPlatform.getTeamRepositoryService().getTeamRepository(iac.getRepositoryURI());
repo.registerLoginHandler((ITeamRepository.ILoginHandler)new LoginHandler("XXX", "XXX"));
repo.login(monitor);
So the plugin fails to connect to the server which it is running on? So it's not between JTS and RTC. It's possible that the key store on the RTC server only contains a personal certificate (the one you see in the error message) without any server certificates (intermediate and root certificates that I mentioned in the other comment). Try to import the missing certificate into the key store and see how it goes.