How to fix Repository Connection Certificate Problem
When I connect to RTC server with the Rational Team Concert client, Repository Connection Certificate Problem dialog will be poped up, even if I had followed Security certificates guide to disable it. Does anyone konw how to fix the problem?
The detail info is:
=======================================================
There is problem with certificate presented by the server when connecting to 'my-rtc-server'. The certificate host name does not match the server name.
Team Repository: https://my-rtc-server:9443/jazz
What would you like to do?
Option 1: Reject this certificate and do not connect this repository
Option 2: Accept this certificate temporarily for remainder of this session
OK Cancel
=========================================================
The detail info is:
=======================================================
There is problem with certificate presented by the server when connecting to 'my-rtc-server'. The certificate host name does not match the server name.
Team Repository: https://my-rtc-server:9443/jazz
What would you like to do?
Option 1: Reject this certificate and do not connect this repository
Option 2: Accept this certificate temporarily for remainder of this session
OK Cancel
=========================================================
4 answers
Hi Arvey,
you need to create a valid certificate. The one shipped with RTC has only localhost as a host name. A colleague provided me with these steps to create a key and export it. I am not sure about the parameters. You need to look into it.
Once you have a valid certificate that needs to be used by the application server. For Tomcat you can find the entries you need to change in the server.xml.
Ralph
you need to create a valid certificate. The one shipped with RTC has only localhost as a host name. A colleague provided me with these steps to create a key and export it. I am not sure about the parameters. You need to look into it.
Once you have a valid certificate that needs to be used by the application server. For Tomcat you can find the entries you need to change in the server.xml.
Create a key:
".\server\jre\bin\keytool" -genkey -alias somealias -keyalg RSA -validity 365 -keystore "my.keystore" -storetype JKS
export a key:
".\server\jre\bin\keytool" -export -alias somealias -keystore my.keystore -rfc -file "public.cert"
Ralph
When I connect to RTC server with the Rational Team Concert client, Repository Connection Certificate Problem dialog will be poped up, even if I had followed Security certificates guide to disable it. Does anyone konw how to fix the problem?
The detail info is:
=======================================================
There is problem with certificate presented by the server when connecting to 'my-rtc-server'. The certificate host name does not match the server name.
Team Repository: https://my-rtc-server:9443/jazz
What would you like to do?
Option 1: Reject this certificate and do not connect this repository
Option 2: Accept this certificate temporarily for remainder of this session
OK Cancel
=========================================================
Hi Ralph
Thanks your reply, Now we have found the root cause, The solution is that modify "SSL certificate and key management/Key stores and certificate-->NodeDefultkeyStore/Personal certificate" in WAS admin console.
Thanks your reply, Now we have found the root cause, The solution is that modify "SSL certificate and key management/Key stores and certificate-->NodeDefultkeyStore/Personal certificate" in WAS admin console.
Hi Arvey,
you need to create a valid certificate. The one shipped with RTC has only localhost as a host name. A colleague provided me with these steps to create a key and export it. I am not sure about the parameters. You need to look into it.
Once you have a valid certificate that needs to be used by the application server. For Tomcat you can find the entries you need to change in the server.xml.
Create a key:
".\server\jre\bin\keytool" -genkey -alias somealias -keyalg RSA -validity 365 -keystore "my.keystore" -storetype JKS
export a key:
".\server\jre\bin\keytool" -export -alias somealias -keystore my.keystore -rfc -file "public.cert"
Ralph
Hi Arvey,
Do you recall how you solved this problem? I don't quite understand the steps to take in your solution... If my updates are correct, I'm still wondering the exact menu's/key-click's that you opened in order for you to modify as you explain - how do you get to SSL certificate and key managment?:
*** The solution is to modify the "SSL certificate and key management/Key stores and certificate" to be "NodeDefaultkeyStore/Personal certificate"
*** It WAS previously set to "admin console".
Appreciate your help! This is exactly the solution I believe I need to perform.
Thanks,
Glenn Houk
Do you recall how you solved this problem? I don't quite understand the steps to take in your solution... If my updates are correct, I'm still wondering the exact menu's/key-click's that you opened in order for you to modify as you explain - how do you get to SSL certificate and key managment?:
*** The solution is to modify the "SSL certificate and key management/Key stores and certificate" to be "NodeDefaultkeyStore/Personal certificate"
*** It WAS previously set to "admin console".
Appreciate your help! This is exactly the solution I believe I need to perform.
Thanks,
Glenn Houk
Hi Ralph
Thanks your reply, Now we have found the root cause, The solution is that modify "SSL certificate and key management/Key stores and certificate-->NodeDefultkeyStore/Personal certificate" in WAS admin console.
Hi Arvey,
you need to create a valid certificate. The one shipped with RTC has only localhost as a host name. A colleague provided me with these steps to create a key and export it. I am not sure about the parameters. You need to look into it.
Once you have a valid certificate that needs to be used by the application server. For Tomcat you can find the entries you need to change in the server.xml.
Create a key:
".\server\jre\bin\keytool" -genkey -alias somealias -keyalg RSA -validity 365 -keystore "my.keystore" -storetype JKS
export a key:
".\server\jre\bin\keytool" -export -alias somealias -keystore my.keystore -rfc -file "public.cert"
Ralph
Hi Glennhouk,
I find a simple solution, just run /opt/IBM/WebSphere/AppServer/bin/ProfileManagement/pmt.sh to launch "Profile Management Tool", and then make sure the "host name" is full-dns name in "Node and Host name" configuration step.
=============================================================
I find a simple solution, just run /opt/IBM/WebSphere/AppServer/bin/ProfileManagement/pmt.sh to launch "Profile Management Tool", and then make sure the "host name" is full-dns name in "Node and Host name" configuration step.
=============================================================
Hi Arvey,
Do you recall how you solved this problem? I don't quite understand the steps to take in your solution... If my updates are correct, I'm still wondering the exact menu's/key-click's that you opened in order for you to modify as you explain - how do you get to SSL certificate and key managment?:
*** The solution is to modify the "SSL certificate and key management/Key stores and certificate" to be "NodeDefaultkeyStore/Personal certificate"
*** It WAS previously set to "admin console".
Appreciate your help! This is exactly the solution I believe I need to perform.
Thanks,
Glenn Houk
Hi Ralph
Thanks your reply, Now we have found the root cause, The solution is that modify "SSL certificate and key management/Key stores and certificate-->NodeDefultkeyStore/Personal certificate" in WAS admin console.
Hi Arvey,
you need to create a valid certificate. The one shipped with RTC has only localhost as a host name. A colleague provided me with these steps to create a key and export it. I am not sure about the parameters. You need to look into it.
Once you have a valid certificate that needs to be used by the application server. For Tomcat you can find the entries you need to change in the server.xml.
Create a key:
".\server\jre\bin\keytool" -genkey -alias somealias -keyalg RSA -validity 365 -keystore "my.keystore" -storetype JKS
export a key:
".\server\jre\bin\keytool" -export -alias somealias -keystore my.keystore -rfc -file "public.cert"
Ralph