Collaboration Plugin issues with GitHub and Digital Certificates on MAC

Started by rmoran, October 09, 2019, 21:16:54 PM

Previous topic - Next topic

rmoran

Getting an error in the collaboration plug-in:

PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Have tried different JRE's and manually added github digital certificates to keystore with no luck. Access Github via GIT on the terminal on my Mac works fine, but the embedded SmartGit client seems to be having difficulty. Not sure how to resolve this.  Any help or suggestions would be appreciated.

Phil Beauvoir

Changing the JRE won't help. On Mac, the JRE is located inside the Archi.app bundle in a "jre" folder. Did you try looking in that JRE?

> the embedded SmartGit client

jGit
If you value and use Archi, please consider making a donation!
Ask your ArchiMate related questions to the ArchiMate Community's Discussion Board.

Manj75

I had this same problem that I gave considerable time to investigate and resolved, but it is for a Windows installation of Archi.

You need the following parameters in the Archi.ini to tell the JRE to use the specified Certificate Manager

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

not sure what value to use for Mac, but a quick look online I think if you are using the Apple JCA Provider then set it to KeychainStore, i.e.

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore

https://stackoverflow.com/questions/14280578/how-to-set-up-java-vm-to-use-the-root-certificates-truststore-handled-by-mac-o

Hope this works for you.

rmoran

That worked.  I opened the Archi app package content on the Mac and updated the Archi.ini file in the eclipse folder to add the vmargs:

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore

I re-started Archi and was successfully able to connect to the collaboration workspace to Github repository. 

Thanks for the help!

Manj75

Your welcome - happy to help.

Phil - it would be good to have this documented in the guide.  I can raise an issue for this if you want?

Phil Beauvoir

Manjit - thanks for your solution to this. If you like, you can edit the wiki yourself. If not, I can add it.
If you value and use Archi, please consider making a donation!
Ask your ArchiMate related questions to the ArchiMate Community's Discussion Board.

Manj75


Jean-Baptiste Sarrodie

If you value and use Archi, please consider making a donation!
Ask your ArchiMate related questions to the ArchiMate Community's Discussion Board.

Manj75


kkosienski

Ran into a similar issue on a Windows 10 laptop.  I followed the recommended procedure to update the Archi.ini file adding the VMARGS:

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

Unfortunately this did not work for me.   I have heard from a couple other Windows 10 users that this procedure did not work for them either.  The had to use the other recommended solve of actually installing the certificates in the CACERTS store used by the JRE Archi installs. Any thoughts on why the above procedure does not seem to work in cases of Windows 10 users?

Manj75

Hi kkosienski,

I have Archi installed on Windows 10 across the Architecture team and when I originally reported this problem, eventually finding the root cause and resolution as now detailed.  It does work on Win 10 - are you certain you have the correct certificates installed in the Windows Certificate Manager.

The specified vmarg parameters will instruct the JRE to use the native windows cert manager, but it will still need to have the correct certificate(s) installed.

You can possibly try a process of elimination of installing GIT for windows and trying to access the remote repository as that will also use the local certificate to establish a SSL connection.  If this also fails then you need to setup certificates.

Kind Regards,
Manjit