Getting an error in the collaboration plug-in:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Have tried different JRE's and manually added github digital certificates to keystore with no luck. Access Github via GIT on the terminal on my Mac works fine, but the embedded SmartGit client seems to be having difficulty. Not sure how to resolve this. Any help or suggestions would be appreciated.
Changing the JRE won't help. On Mac, the JRE is located inside the Archi.app bundle in a "jre" folder. Did you try looking in that JRE?
> the embedded SmartGit client
jGit
I had this same problem that I gave considerable time to investigate and resolved, but it is for a Windows installation of Archi.
You need the following parameters in the Archi.ini to tell the JRE to use the specified Certificate Manager
-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
not sure what value to use for Mac, but a quick look online I think if you are using the Apple JCA Provider then set it to KeychainStore, i.e.
-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore
https://stackoverflow.com/questions/14280578/how-to-set-up-java-vm-to-use-the-root-certificates-truststore-handled-by-mac-o (https://stackoverflow.com/questions/14280578/how-to-set-up-java-vm-to-use-the-root-certificates-truststore-handled-by-mac-o)
Hope this works for you.
That worked. I opened the Archi app package content on the Mac and updated the Archi.ini file in the eclipse folder to add the vmargs:
-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore
I re-started Archi and was successfully able to connect to the collaboration workspace to Github repository.
Thanks for the help!
Your welcome - happy to help.
Phil - it would be good to have this documented in the guide. I can raise an issue for this if you want?
Manjit - thanks for your solution to this. If you like, you can edit the wiki yourself. If not, I can add it.
ok - I'll update the wiki to detail this
Hi,
I've just create this wiki page for that: https://github.com/archimatetool/archi-modelrepository-plugin/wiki/Use-SSL-TLS-with-local-or-private-PKI
Regards,
JB
Thanks JB - I never got round to creating the wiki ;)
Ran into a similar issue on a Windows 10 laptop. I followed the recommended procedure to update the Archi.ini file adding the VMARGS:
-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
Unfortunately this did not work for me. I have heard from a couple other Windows 10 users that this procedure did not work for them either. The had to use the other recommended solve of actually installing the certificates in the CACERTS store used by the JRE Archi installs. Any thoughts on why the above procedure does not seem to work in cases of Windows 10 users?
Hi kkosienski,
I have Archi installed on Windows 10 across the Architecture team and when I originally reported this problem, eventually finding the root cause and resolution as now detailed. It does work on Win 10 - are you certain you have the correct certificates installed in the Windows Certificate Manager.
The specified vmarg parameters will instruct the JRE to use the native windows cert manager, but it will still need to have the correct certificate(s) installed.
You can possibly try a process of elimination of installing GIT for windows and trying to access the remote repository as that will also use the local certificate to establish a SSL connection. If this also fails then you need to setup certificates.
Kind Regards,
Manjit