Archi Forum

Archi Plug-ins => coArchi => Topic started by: rmoran on October 09, 2019, 20:16:54 PM

Title: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: rmoran on October 09, 2019, 20:16:54 PM
Getting an error in the collaboration plug-in:

PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Have tried different JRE's and manually added github digital certificates to keystore with no luck. Access Github via GIT on the terminal on my Mac works fine, but the embedded SmartGit client seems to be having difficulty. Not sure how to resolve this.  Any help or suggestions would be appreciated.
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Phil Beauvoir on October 10, 2019, 06:44:49 AM
Changing the JRE won't help. On Mac, the JRE is located inside the Archi.app bundle in a "jre" folder. Did you try looking in that JRE?

> the embedded SmartGit client

jGit
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Manj75 on October 10, 2019, 12:08:19 PM
I had this same problem that I gave considerable time to investigate and resolved, but it is for a Windows installation of Archi.

You need the following parameters in the Archi.ini to tell the JRE to use the specified Certificate Manager

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

not sure what value to use for Mac, but a quick look online I think if you are using the Apple JCA Provider then set it to KeychainStore, i.e.

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore

https://stackoverflow.com/questions/14280578/how-to-set-up-java-vm-to-use-the-root-certificates-truststore-handled-by-mac-o (https://stackoverflow.com/questions/14280578/how-to-set-up-java-vm-to-use-the-root-certificates-truststore-handled-by-mac-o)

Hope this works for you.
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: rmoran on October 13, 2019, 15:43:33 PM
That worked.  I opened the Archi app package content on the Mac and updated the Archi.ini file in the eclipse folder to add the vmargs:

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore

I re-started Archi and was successfully able to connect to the collaboration workspace to Github repository. 

Thanks for the help!
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Manj75 on October 14, 2019, 08:23:58 AM
Your welcome - happy to help.

Phil - it would be good to have this documented in the guide.  I can raise an issue for this if you want?
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Phil Beauvoir on October 15, 2019, 09:47:28 AM
Manjit - thanks for your solution to this. If you like, you can edit the wiki yourself. If not, I can add it.
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Manj75 on October 15, 2019, 10:43:50 AM
ok - I'll update the wiki to detail this
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Jean-Baptiste Sarrodie on November 12, 2019, 10:07:10 AM
Hi,

I've just create this wiki page for that: https://github.com/archimatetool/archi-modelrepository-plugin/wiki/Use-SSL-TLS-with-local-or-private-PKI

Regards,

JB
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Manj75 on November 12, 2019, 12:36:54 PM
Thanks JB - I never got round to creating the wiki  ;)
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: kkosienski on November 26, 2019, 21:08:54 PM
Ran into a similar issue on a Windows 10 laptop.  I followed the recommended procedure to update the Archi.ini file adding the VMARGS:

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

Unfortunately this did not work for me.   I have heard from a couple other Windows 10 users that this procedure did not work for them either.  The had to use the other recommended solve of actually installing the certificates in the CACERTS store used by the JRE Archi installs. Any thoughts on why the above procedure does not seem to work in cases of Windows 10 users?
Title: Re: Collaboration Plugin issues with GitHub and Digital Certificates on MAC
Post by: Manj75 on November 27, 2019, 08:11:32 AM
Hi kkosienski,

I have Archi installed on Windows 10 across the Architecture team and when I originally reported this problem, eventually finding the root cause and resolution as now detailed.  It does work on Win 10 - are you certain you have the correct certificates installed in the Windows Certificate Manager.

The specified vmarg parameters will instruct the JRE to use the native windows cert manager, but it will still need to have the correct certificate(s) installed.

You can possibly try a process of elimination of installing GIT for windows and trying to access the remote repository as that will also use the local certificate to establish a SSL connection.  If this also fails then you need to setup certificates.

Kind Regards,
Manjit