Server's Certificate is not trusted pop-up

I'm working on a network with one other developer that uses PHPStorm and intermittently throughout my usage of PHPStorm I get "Server's Certificate is not trusted" pop-up with an Accept/Reject button for stuff that doesn't concern me (but the other developer uses/owns).

Any way I can disable this behaviour from happening?

25 comments
Comment actions Permalink

Just in case it matters, I'm also running a Node.js instance using the Debugger.

0
Comment actions Permalink

Could you please show us a screenshot of this popup and also upload the IDE log somewhere when it pops up?

0
Comment actions Permalink

i too am having this problem using WEBstorm. This has just started happening since it was loaded onto a new MacBook Pro (2017) running Sierra (10.12.6). It happens on startup as well as during other times during the day. I will try to be more aware of what I am doing with WebStorm when the message is generated and will reply back if i can discern a pattern.

btw, not sure why the country of the 'issued to' certificate is listed as CZ.... is that correct?

here is the screenshot of the message, and below is a portion of the log that seems relevant.




 

2017-09-01 10:47:34,250 [ 131002] INFO - dvertisement.PluginsAdvertiser - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.intellij.util.io.HttpRequests.openConnection(HttpRequests.java:505)
at com.intellij.util.io.HttpRequests.access$300(HttpRequests.java:60)
at com.intellij.util.io.HttpRequests$RequestImpl.getConnection(HttpRequests.java:288)
at com.intellij.ide.plugins.RepositoryHelper$1.process(RepositoryHelper.java:156)
at com.intellij.ide.plugins.RepositoryHelper$1.process(RepositoryHelper.java:149)
at com.intellij.util.io.HttpRequests.lambda$doProcess$0(HttpRequests.java:414)
at com.intellij.util.net.ssl.CertificateManager.runWithUntrustedCertificateStrategy(CertificateManager.java:349)
at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:414)
at com.intellij.util.io.HttpRequests.process(HttpRequests.java:394)
at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:60)
at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:262)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:149)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:104)
at com.intellij.ide.plugins.RepositoryHelper.loadPlugins(RepositoryHelper.java:96)
at com.intellij.ide.plugins.RepositoryHelper.loadPluginsFromAllRepositories(RepositoryHelper.java:76)
at com.intellij.openapi.updateSettings.impl.pluginsAdvertisement.PluginsAdvertiser$4.run(PluginsAdvertiser.java:318)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:342)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at com.intellij.util.net.ssl.ConfirmingTrustManager.checkServerTrusted(ConfirmingTrustManager.java:122)
at com.intellij.util.net.ssl.ConfirmingTrustManager.checkServerTrusted(ConfirmingTrustManager.java:116)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 35 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 44 more
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: App.js
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: todo.js
2017-09-01 10:47:34,493 [ 131245] WARN - tectAndAdjustIndentOptionsTask - Indent detection is too long for: Titlebar.js
2017-09-01 10:47:34,625 [ 131377] INFO - tor.impl.FileEditorManagerImpl - Project opening took 126533 ms
2017-09-01 10:48:22,181 [ 178933] INFO - net.ssl.ConfirmingTrustManager - Certificate was accepted by user
2017-09-01 10:48:22,185 [ 178937] INFO - tor.impl.FileEditorManagerImpl - Project opening took 170685 ms
2017-09-01 10:48:22,742 [ 179494] INFO - s.webpack.WebPackConfigManager - webpack config evaluation took 227 ms

 

 

 

0
Comment actions Permalink

Hello,

Yes, JetBrains HQ is in Prague, CZ (hence the city and the country).

Looks like your system doesn't trust the issuer. Does it come up again if you accept this certificate?

0
Comment actions Permalink

To get rid of the pop up message go to below location and click on Accept non-trusted certificates automatically.

File | Settings | Tools | Server Certificates for Windows and Linux
IntelliJ IDEA | Preferences | Tools | Server Certificates for macOS           

51
Comment actions Permalink

I have the same issue but different certificate that randomly pops-up. I don't recognize nothing about this certificate so I always reject it.

Is there a way to know where it comes from?

1
Comment actions Permalink

> Is there a way to know where it comes from?

It seems that it's coming from Settings | Tools | Tasks | Servers.

0
Comment actions Permalink

Thanks Eugene, but unluckily there's no server there.

0
Comment actions Permalink

Sorry, I've mistakenly taken system/tasks for something having relation to tasks.
What if you text search through the config folder (PhpStorm2017.3/config) for "gse.it", would it find something?

0
Comment actions Permalink

Thanks Eugene...
grep -ir "gse\.it" *
inside ".PhpStorm2017.3/config" returns nothing.

0
Comment actions Permalink

Does this window appear for a certain project only?
If so, it's worth checking the .idea folder for this project in the same way.

0
Comment actions Permalink

I have only one project so yes, it appears only for it.

I checked also the .idea folder and there are no occurrences.

0
Comment actions Permalink

started having this issue this Morning.

 

 

WebStorm 2020.2.2
Build #WS-202.7319.49, built on September 14, 2020
Licensed to Samuel Tissot-Jobin
You have a perpetual fallback license for this version
Subscription is active until October 31, 2021
Runtime version: 11.0.8+10-b944.31 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 5.4.0-7642-generic
GC: ParNew, ConcurrentMarkSweep
Memory: 1981M
Cores: 8
Registry: editor.distraction.free.mode=true
Non-Bundled Plugins: IdeaVIM, com.intellij.lang.jsgraphql, com.intellij.swagger
Current Desktop: pop:GNOME

0
Comment actions Permalink

Samuel Tissot, this particular issue was caused by one of Nginx servers processing requests to hosted YouTrack getting an old certificate by mistake. Should've been fixed yesterday and work fine as of now.

0
Comment actions Permalink

I confirm that the issue has been fixed for me.

 

Thanks

0
Comment actions Permalink

https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000131364/comments/360000012870

It saved my day really. Thanx so much. I thought there should be a box somewhere to accept non trusted sertificates.

BTW this fuckin' popup reappeares so quickly after being closed making it almost impossible to use the menus but I managed somehow. Thanks once again)

0
Comment actions Permalink

I am getting a similar message from CLion lately:

0
Comment actions Permalink

Hello. This banner has been popping up every day since the beginning of the year. Even if the certificates are accepted, the next day it pops up again. Tell me how can this be fixed?

0
Comment actions Permalink

O Fedoruk, the A Root CA name is wrong, between your machine and our server, something replaces the certificate making it invalid. The message thus is expected, there's no way to accept this invalid self-signed certificate forever.

Please try to find what replaces the certificate, it shouldn't be this way.

0
Comment actions Permalink

I have a similar issue that just started:

0
Comment actions Permalink

Yep, it's the same thing. Unfortunately, there's nothing you can do currently to fix that yourself apart from stopping whatever replaces the certificate from doing so.
Here are relevant requests on our tracker:
https://youtrack.jetbrains.com/issue/IDEA-173599
https://youtrack.jetbrains.com/issue/IDEA-286325
https://youtrack.jetbrains.com/issue/IDEA-286341

0
Comment actions Permalink

For me, this was going away by deactivating the Github Plugin.

2
Comment actions Permalink

 Deactivating the Github Plugin worked for me since I don't use Github this was not an issue.

0
Comment actions Permalink

Hi, a similar problem, how should I get a new certificate? Thanks.

0
Comment actions Permalink

Hfbrando, unfortunately, there's no easy answer. It depends on what service is using the certificate, the server admin must have this information.
You can try to work this around by enabling Settings | Tools | Server Certificates | Accept non-trusted certificates automatically.

0

Please sign in to leave a comment.