TFS over SSL and "unable to find valid certification path to request target"

Hello everyone, i'm trying to connect to TFS from IDEA and my TFS server is on SSL connection and for some reason i'm getting "unable to find valid certification path to request target" error. Is there any something special i should know about using/configuring IDEA with TFS??

Thank you,
Evi

4 comments
Comment actions Permalink

Hello Evgenios,

Looks like your server has an untrusted certificate. Current implementation of TFS integration does not display you the message box saying 'Do you trust server XXX?', but rather requires that you have registered your server's certificate in the "trusted" keystore of your JRE. You can find more details in this blog post.

Regards,
Kirill

0
Comment actions Permalink

Kirill, it was actually first thing i did, i googled around for this errer, found this sun site and grabbed this InstallCert, so what i did is executed in command line the follwoing

java -jar InstallCert.jar my_host_name

it generated me jssecacerts, which i put in jre6/lib/security

then again me tried to connect on this host and i've got the same error... am i doing something wrong?

0
Comment actions Permalink

Hello Evgenios,

No, looks like you're going it right... Let's turn on Java SSE debugging and look what's happening. You need to open the file <idea-installation-folder>\bin\idea.exe.vmoptions and add the line:

-Djavax.net.debug=all


Then open idea.bat file and add change the line

"%JAVA_EXE%" %JVM_ARGS% -cp "%CLASS_PATH%" %IDEA_MAIN_CLASS_NAME% %*

to

"%JAVA_EXE%" %JVM_ARGS% -cp "%CLASS_PATH%" %IDEA_MAIN_CLASS_NAME% %* >idea_output.txt


to have the console output, that may be rather long, redirected to the file idea_output.txt.

Then start idea.bat and try to connect to the server. Then check that idea_output.txt contains:

trustStore is: path\to\your\jssecacerts

and

adding as trusted cert:
  Subject: CN=your.server.host


Finally, under

*** ServerHello

line you need to have the same cerfiticate as the trusted one.

Regards,
  Kirill

0
Comment actions Permalink

just found what went wrong. IDEA actually having own jre folder... so i suppose to use this one when i install certificate, and i was always copying this file into my actual java folder... so it works fine, just managed to connect, so it does works fine . I wish this was mentioned somewhere in help files;)

Thanks for the assistance, guys.

Cheers,
Evi

0

Please sign in to leave a comment.