Accept this certificate permanently not working anymore
![]() Team Concert client keep asking what we would like to do with our self-signed certificate even if 'Accept this certificate permanently' option is flagged.
Error log view reports:
java.lang.RuntimeException: CRJAZ0109I Communications error.
Any advice?
Thanks in advance.
|
3 answers
![]()
I have seen this in other ssl contexts where the web server has self-signed certificates, but there is no signer certificate "visible" to the ssl client.
e.g. using openssl s_client -connect hostname.domain:port < /dev/null
returns but a single certificate, not a 'chain' of the certificate plus signer.
Certificate chain
0 s:/C=US/ST=NC/L=Raleigh/OU=HDC/CN=ciscat-r/emailAddress=email@email.com
i:/C=US/ST=NC/L=Raleigh/OU=HDC/CN=ciscat-ri/emailAddress=email@email.com
versus:
Certificate chain
0 s:/C=US/ST=Durham, NC/L=Durham, NC//CN=rtcserver1/mail=email@email.com
i:/C=US/O=International Business Machines Corporation/CN=IBM INTERNAL INTERMEDIATE CA
1 s:/C=US/O=International Business Machines Corporation/CN=IBM INTERNAL INTERMEDIATE CA i:/C=US/O=International Business Machines Corporation/CN=IBM Internal Root CA 2 s:/C=US/O=International Business Machines Corporation/CN=IBM Internal Root CA i:/C=US/O=International Business Machines Corporation/CN=IBM Internal Root CA
from our internally provided Certificate Authority.
|
![]()
It should not be the case since the certificate chain appears correct.
According to comments from source code at:
com.ibm.team.repository.transport.client.RemoteTeamService.getAppropriateException(RemoteTeamService.java:663)
we see it should be a special case which indicate transport errors:
658: if (0 == declaredExceptionTypes.length) {
We executed command as you suggest:
openssl s_client -connect hostname.domain:port < /dev/null
and it returned:
Comments You'd need to specify the hostname:port with actual values. I.e. Your RTC's host name and port must be the value to the argument -connect
Sure, we did that! ;)
Cheers.
|
![]() We resolved removing old local certificates as reported in https://jazz.net/forum/questions/108227/where-does-the-permanently-accepted-certificates-get-saved-in-the-rtc-eclipse-clients/108228.
Cheers.
|