- This topic has 6 replies, 3 voices, and was last updated 15 years, 5 months ago by nsoule.
-
AuthorPosts
-
nsouleMemberA 3rd party asset management plugin we are using needs to make an SSL connection. In the past we have imported the required certificate into the IDE’s JRE’s cacerts and had no problems. In RAD, as well as in an early release candidate version of MyEclipse Blue 7.1 this approach worked fine. In the GA version of MyEclipse Blue 7.1 the import of the certificate no longer seems to have any affect (we continue to get SSL handshake errors when trying to use the plugin). We can see the cert is present, but it doesn’t seem to help. Are there any other steps we might need to take in order to get this to work? Thanks!
Loyal WaterMemberHi,
Can you please explain the process to us in a bit more detail. I haven’t done that before but if you can give me some more details, I can kick it back to the dev team to take a look?
nsouleMemberHi sure, no problem. So we are working with a plugin for the Logidex asset repository tool. For use with this we have an SSL certificate file that we imported into the JRE’s cacerts file via the keytool app in the JRE’s bin directory (this can also be done via ikeyman which is a GUI version of keytool). So the command looked something like:
keytool -import -alias logidex.mycompany.com -file c:\tmp\certFile.cer -keystore ..\lib\security\cacerts
This command completed successfully, and I can verify that the cert is now in the store and has not expired. The JRE we tried installing this into was the one that ships with MyEclipse Blue. It’s installed here for us:
C:\Program Files\Genuitec\Common\binary\com.sun.java.jre.win32.x86_1.5.0.011\
We also tried installing the certificate into the default “Installed JRE” listed in the preferences of the IDE, but with no luck. Thanks for any help you can provide.
-Nate
Riyad KallaMemberNate that JRE installed with Blue is just an unzipped plain Sun JRE — what you are trying to do *should* be working assuming the JRE can find the certs file it’s trying to work with.
I’m not *that* familiar with certs, but if there is a command line arg to pass to the JRE so it can find the certs file, you can edit the myeclipse.ini file to add that command there — if there isn’t one, and it’s just suppose to find it from your user.home dir and cannot, you can tell MyEclipse to use a different JRE to launch itself with by adjusting what the -vm argument in the ini file is pointing at.
I hope that helps!
nsouleMemberThanks Riyad! I’ll experiment with pointing it to another JRE (tried this once with no luck, but will try a different JRE). We’ve also engaged the plugin vendor as it maybe something on that side. Thanks again.
nsouleMemberAfter retrying this with the May Pulse update the cacerts file is now accessed, but the cert is still not located (and I’ve verified that it is truly there, and the correct cert). This seems to be true with the default JRE, or any other.
nsouleMemberI just wanted to pass on some additional information that some people at my company had seen when testing the update – in case it proves helpful:
“we saw that a temporary jks-format certs file is created in the C:\Documents and Settings\[user]\Local Settings\Temp directory with the name pulseNNNNNjks every time MeB starts up. We analyzed this temp file with a key manager and it has several expired certs in it which may also cause problems. “
-
AuthorPosts