Server's Certificate is not trusted pop-up
I'm working on a network with one other developer that uses PHPStorm and intermittently throughout my usage of PHPStorm I get "Server's Certificate is not trusted" pop-up with an Accept/Reject button for stuff that doesn't concern me (but the other developer uses/owns).
Any way I can disable this behaviour from happening?
Please sign in to leave a comment.
Just in case it matters, I'm also running a Node.js instance using the Debugger.
Could you please show us a screenshot of this popup and also upload the IDE log somewhere when it pops up?
i too am having this problem using WEBstorm. This has just started happening since it was loaded onto a new MacBook Pro (2017) running Sierra (10.12.6). It happens on startup as well as during other times during the day. I will try to be more aware of what I am doing with WebStorm when the message is generated and will reply back if i can discern a pattern.
btw, not sure why the country of the 'issued to' certificate is listed as CZ.... is that correct?
here is the screenshot of the message, and below is a portion of the log that seems relevant.
2017-09-01 10:47:34,250 [ 131002] INFO - dvertisement.PluginsAdvertiser - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.intellij.util.io.HttpRequests.openConnection(HttpRequests.java:505)
at com.intellij.util.io.HttpRequests.access$300(HttpRequests.java:60)
at com.intellij.util.io.HttpRequests$RequestImpl.getConnection(HttpRequests.java:288)
at com.intellij.ide.plugins.RepositoryHelper$1.process(RepositoryHelper.java:156)
at com.intellij.ide.plugins.RepositoryHelper$1.process(RepositoryHelper.java:149)
at com.intellij.util.io.HttpRequests.lambda$doProcess$0(HttpRequests.java:414)
at com.intellij.util.net.ssl.CertificateManager.runWithUntrustedCertificateStrategy(CertificateManager.java:349)
at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:414)
at com.intellij.util.io.HttpRequests.process(HttpRequests.java:394)
at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:60)
at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:262)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:149)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:104)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:96)
at com.intellij.ide.plugins.RepositoryHelper.loadPluginsFromAllRepositories(RepositoryHelper.java:76)
at com.intellij.openapi.updateSettings.impl.pluginsAdvertisement.PluginsAdvertiser$4.run(PluginsAdvertiser.java:318)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:342)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at com.intellij.util.net.ssl.ConfirmingTrustManager.checkServerTrusted(ConfirmingTrustManager.java:122)
at com.intellij.util.net.ssl.ConfirmingTrustManager.checkServerTrusted(ConfirmingTrustManager.java:116)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 35 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 44 more
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: App.js
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: todo.js
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: Titlebar.js
2017-09-01 10:47:34,625 [ 131377] INFO - tor.impl.FileEditorManagerImpl - Project opening took 126533 ms
2017-09-01 10:48:22,181 [ 178933] INFO - net.ssl.ConfirmingTrustManager - Certificate was accepted by user
2017-09-01 10:48:22,185 [ 178937] INFO - tor.impl.FileEditorManagerImpl - Project opening took 170685 ms
2017-09-01 10:48:22,742 [ 179494] INFO - s.webpack.WebPackConfigManager - webpack config evaluation took 227 ms
Hello,
Yes, JetBrains HQ is in Prague, CZ (hence the city and the country).
Looks like your system doesn't trust the issuer. Does it come up again if you accept this certificate?
To get rid of the pop up message go to below location and click on Accept non-trusted certificates automatically.
File | Settings | Tools | Server Certificates for Windows and Linux
IntelliJ IDEA | Preferences | Tools | Server Certificates for macOS
I have the same issue but different certificate that randomly pops-up. I don't recognize nothing about this certificate so I always reject it.
Is there a way to know where it comes from?
> Is there a way to know where it comes from?
It seems that it's coming from Settings | Tools | Tasks | Servers.
Thanks Eugene, but unluckily there's no server there.
Sorry, I've mistakenly taken system/tasks for something having relation to tasks.
What if you text search through the config folder (PhpStorm2017.3/config) for "gse.it", would it find something?
Thanks Eugene...
grep -ir "gse\.it" *
inside ".PhpStorm2017.3/config" returns nothing.
Does this window appear for a certain project only?
If so, it's worth checking the .idea folder for this project in the same way.
I have only one project so yes, it appears only for it.
I checked also the .idea folder and there are no occurrences.
started having this issue this Morning.
WebStorm 2020.2.2
Build #WS-202.7319.49, built on September 14, 2020
Licensed to Samuel Tissot-Jobin
You have a perpetual fallback license for this version
Subscription is active until October 31, 2021
Runtime version: 11.0.8+10-b944.31 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 5.4.0-7642-generic
GC: ParNew, ConcurrentMarkSweep
Memory: 1981M
Cores: 8
Registry: editor.distraction.free.mode=true
Non-Bundled Plugins: IdeaVIM, com.intellij.lang.jsgraphql, com.intellij.swagger
Current Desktop: pop:GNOME
Samuel Tissot, this particular issue was caused by one of Nginx servers processing requests to hosted YouTrack getting an old certificate by mistake. Should've been fixed yesterday and work fine as of now.
I confirm that the issue has been fixed for me.
Thanks
https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000131364/comments/360000012870
It saved my day really. Thanx so much. I thought there should be a box somewhere to accept non trusted sertificates.
BTW this fuckin' popup reappeares so quickly after being closed making it almost impossible to use the menus but I managed somehow. Thanks once again)
I am getting a similar message from CLion lately:
Hello. This banner has been popping up every day since the beginning of the year. Even if the certificates are accepted, the next day it pops up again. Tell me how can this be fixed?
O Fedoruk, the
A Root CA
name is wrong, between your machine and our server, something replaces the certificate making it invalid. The message thus is expected, there's no way to accept this invalid self-signed certificate forever.Please try to find what replaces the certificate, it shouldn't be this way.
I have a similar issue that just started:
Yep, it's the same thing. Unfortunately, there's nothing you can do currently to fix that yourself apart from stopping whatever replaces the certificate from doing so.
Here are relevant requests on our tracker:
https://youtrack.jetbrains.com/issue/IDEA-173599
https://youtrack.jetbrains.com/issue/IDEA-286325
https://youtrack.jetbrains.com/issue/IDEA-286341
For me, this was going away by deactivating the Github Plugin.
Deactivating the Github Plugin worked for me since I don't use Github this was not an issue.
Hi, a similar problem, how should I get a new certificate? Thanks.
Hfbrando, unfortunately, there's no easy answer. It depends on what service is using the certificate, the server admin must have this information.
You can try to work this around by enabling Settings | Tools | Server Certificates | Accept non-trusted certificates automatically.
I'm having the same problem on macos Monterey. How do I fix this?
On a quick search, *.goskope.com certificates belong to Netskope, do you use this software on your machine or is it being used in your network?
Yes. IT Dept has installed jamf bloatware that includes Netskope.
Thanks, that seems to be it. Is it possible to disable certificate check in Netskope or configure exclusions? (if there is such option)
I will try...