Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

CRJAZ0099E An HTTP error occurred when this URL was being accessed

 Hello Team,


I am writing a plugin to access the current logged-in user and to assign the same user to a contributer list. but my SystemOut.log file logs the following error, Please help

CRJAZ0099E An HTTP error occurred when this URL was being accessed: /ccm/versionCompatibility?clientVersion=6.0.2. Error details: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by CN=CDRoot-AD-Root-CA, EMAILADDRESS=cdroot_pki@chrysler.com, OU=ITI/NC, O=Chrysler LLC, L=Auburn Hills, ST=Michigan, C=US is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error.

</pre>

0 votes



2 answers

Permanent link

The SSL exception is quite typical. To resolve the issue, you need to import the certificates of entire certificate chain, that is, the certificate you are receiving, its issuer's certificate, its issuer's issuer's certificate, and etc, down to the root certificate. The correct terms for them are, personal certificate, intermediate certificates and root certificate. If you search "certificate chaining error", you will get lots of hits.

You did not say how you run the plugin, so I cannot tell you exactly how to import the certificates. Usually, you need to import them into the truststore of the JRE that runs your plugin (or any Java applications involved).

0 votes

Comments

Thank You very much Donald!!!

I will try the same tomorrow at work, But just to let you know about my plugin, So that you can provide some more help on this.

My plugin is a followup action and executed when the workitem is saved, and my jts server is deployed on a linux bases server.

Please let me know if anything specific needs to be done.

That's interesting. Assuming that the JTS server where your plugin is deployed to, and the CCM server that you are trying to connect to, are in the same deployment, they should already be configured in a way that SSL connections can be established between them. Is it not the case?

The steps for exporting/importing SSL keys depend on the application server in use. If WAS, they are similar to those outlined in the section of "
Setup SSL Handshake between the WAS profiles and IHS"
https://jazz.net/wiki/bin/view/Deployment/ConfigureCLMEnterpriseReverseProxy

Basically, you export the personal certificate from the server that you are trying to connect to, and import it into the truststore/keystore of the server where the SSL connection is initiated.


Permanent link

 Hi Donald,

These are self signed certificates. It is deployed in a distributed environment with the reverse proxy set up and there are no issues with any cross application communication/handshakes. I have seen this in the past at multiple customers and I have had no issues given that this is test environment there were no CA issued certs.
Sudhir

0 votes

Comments

I'm a bit lost. Which part are you referring to? CA-signed or self-signed - it does not matter. As long as the SSL client does not recognize/accept the SSL certificate sending from the SSL server, the SSL connection will fail to establish. The function relying on the SSL connection will therefore fail.

If the error just randomly appears, in other words, the SSL connection sometimes works, sometime not, then it's a different issue.

 My comment was about the setup. Pankaj was this a client side plugin or a server side plugin? Since RTC has no issues communicating with JTS I would imagine the certs should not play a role....

 Hello Donald & Sudhir,

This is a server side plugin Java API (executed by follow-up action upon saving a workitem)

We are trying to access Active Users from our plugin

 IContributor contributor = null;

ITeamRepository repo = TeamPlatform.getTeamRepositoryService().getTeamRepository(iac.getRepositoryURI());

repo.registerLoginHandler((ITeamRepository.ILoginHandler)new LoginHandler("XXX", "XXX"));

repo.login(monitor);

IContributorHandle[] iContributorHandles = operation.getProcessArea().getMembers(); 

So the plugin fails to connect to the server which it is running on? So it's not between JTS and RTC. It's possible that the key store on the RTC server only contains a personal certificate (the one you see in the error message) without any server certificates (intermediate and root certificates that I mentioned in the other comment). Try to import the missing certificate into the key store and see how it goes.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Feb 14 '17, 5:48 p.m.

Question was seen: 6,792 times

Last updated: Feb 16 '17, 7:11 p.m.

Confirmation Cancel Confirm