WebStorm. TFS plugin. SSL connection problem

HI there,

I use a smartcard to connect to my TFS via Visual Studio 2012. VS does it well: asks for the smartcard's PIN then establishes a connection. Unfortunately I can't reach the same result via WebStorm. It tells "Forbidden". idea_output.txt contains several responses from the server which begin with:

HTTP/1.1 403 Forbidden ( The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator.  )

It's really awkward to switch to VS each time just to check-out some files.


WebStorm TFS SSL bug.png
1 comment
Comment actions Permalink

I configured WebStorm to connect to TFS using a pkcs12 file - it contains my private key and certificate.
You can ask your administrator to give your cerificate and private key - in one pfx, or in one pkcs12 or in some other file format.
You shold know that you can't get your private key from SmartCard without administrator's password (SmartCard was initially created/formatted with these password).

If you can't get your private key then you should try to find out how to use keystore form your type of SmartCard within Java.
For my eToken, parameters will be the same as in this command:

$ keytool -keystore NONE -storetype PKCS11 -list -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-eToken -providerArg /pathToConfig/eToken.cfg

but i didn't test it with WebStorm, because i had have pkcs12 file and i can don't use eToken usb key anymore))

Configuring WebStorm for using pkcs12/pfx file for using through ssl connection:
1. My admins give me pfx file, i convert it to pkcs12 file (with KeyChain in Mac OS X, you can convert it through keytool or openssl or maybe in both)
2. Edit WebStorm startup configuration file: /Applications/WebStorm.app/Contents/Info.plist

Edit this section:


<string>-ea -Dsun.io.useCanonCaches=false -Xverify:none -Xbootclasspath/a:../lib/boot.jar -Djavax.net.ssl.keyStore=pathToMyPKCS12KeyPair.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=passwordForReadingPKCS12File</string>

Add these options: -Djavax.net.ssl.keyStore=pathToMyPKCS12KeyPair.p12 -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=passwordForReadingPKCS12File
3. Run WebStorm and connect to tfs server through SSL connection.


Please sign in to leave a comment.