Cannot connect to secure TFS 2015 server with Rad (Eclipse)

0
votes

Using RAD 8.5.5.2 with the latest TFS plug-in on Windows 7 Professional I get the following error when I attempt to connect to our secure TFS 2015 server. RAD 8.5.5.2 uses the Eclipse 3.6.3 platform.

Connection Failed

com.ibm.jsse2.util.j: PKD( path building failed:
java.security.cert.CertPathBuilderException: PKD(CertPathBuilderImpl
could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued
by CN=State of Missouri, DC = state, DC = mo, DC=us is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error

RAD is installed in C:\Program Files\IBM\SDP and is running as an
administrator. I have imported the TFS server root certificate in
every carets file in the installation files which are

C:\Program
Files\IBM\SDP\runtimes\updi_v7X_64\uninstall\java\lib\security\cacerts
C:\Program
Files\IBM\SDP\runtimes\updi_v7X_64\java\jre\lib\security\cacerts
C:\Program
Files\IBM\SDP\runtimes\base_v7_stub\java\jre\lib\security\carets
C:\Program Files\IBM\SDP\runtimes\base_v7\java\jre\lib\security\carets
C:\Program Files\IBM\SDP\jdk\jre\lib\security\cacerts

I am trying to connect with no server running and no projects in the
workspace so I think the only file which needs the TFS root certificate is C:\Program Files\IBM\SDP\jdk\jre\lib\security\cacerts but when that
did not fix the issue I imported the certificate into the other cacerts files. I also imported the root certificate to my PC.

3
eclipsetfsibm-rad
Did this error only occurs when connecting to the secure TFS2015 server? Did you try to connect to a personal vsts(TFS online version) to narrow the issue if it's related to rad(Eclipse) or TFS server configuration. - PatrickLu-MSFT
I can connect to TFS with Visual Studio 2015. I can also connect through rad(Eclipse) if I uncheck the Accept Only Trusted Servers box in the TFS Plug-in. (That box is not available on the most recent plug-in). - ponder275

3 Answers

1
votes

It looks like your server is using a custom SSL that is not in the certificate chain for Java. You need to add it...

https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html

You have to use Keytool to get your companies root certificate into the store.

0
votes

Do you have a WAS server installed in the workbench? Wondering if this is related to this problem

http://www-01.ibm.com/support/docview.wss?uid=swg1PI41436

If so then delete the WAS server from the Servers view, restart RAD, connect to TFS and then add WAS server again in Servers view.

If I recall correctly, this problem was solved on RAD 9.1.

Hope this helps.

0
votes

Your Eclipse version 3.6.3 is out of date. To connect TFS 2015, suggest you to update the RAD version and Eclipse version to latest.

For the old Eclipse version, there has some issues with the default proxy detection. Try to go to Window -> Preferences -> General -> Network Connections and set Proxy to anything other than Native. Such as Direct, Or yo Manual and configure your proxy settings manually.