SSL via Java API
Moderator: SourceGear
-
- Posts: 5
- Joined: Wed Apr 14, 2010 3:40 am
SSL via Java API
Hello, SourceGear Vault team!
I am the one responsible for TeamCity CI tool Vault integration.
We have a plugin which communicates with Vault server using Java API (ServerOperations, etc.) for retrieving history and sources in scope of TeamCity build process.
One of our users is trying to configure the plugin to connect to Vault 5.0.4 (18845) server using https (please see the corresponding thread at http://devnet.jetbrains.net/message/5286308#5286308).
In fact our plugin code runs following:
ServerOperations.client.LoginOptions.URL = "https://...";
ServerOperations.client.LoginOptions.Repository = "repo_name";
ServerOperations.client.LoginOptions.User = "username";
ServerOperations.client.LoginOptions.Password = "password";
ServerOperations.Login();
And that results in "server cannot be contacted or uses a protocol that is not supported by this client" error.
Any help on using https and Java API will by very much appreciated!
I am the one responsible for TeamCity CI tool Vault integration.
We have a plugin which communicates with Vault server using Java API (ServerOperations, etc.) for retrieving history and sources in scope of TeamCity build process.
One of our users is trying to configure the plugin to connect to Vault 5.0.4 (18845) server using https (please see the corresponding thread at http://devnet.jetbrains.net/message/5286308#5286308).
In fact our plugin code runs following:
ServerOperations.client.LoginOptions.URL = "https://...";
ServerOperations.client.LoginOptions.Repository = "repo_name";
ServerOperations.client.LoginOptions.User = "username";
ServerOperations.client.LoginOptions.Password = "password";
ServerOperations.Login();
And that results in "server cannot be contacted or uses a protocol that is not supported by this client" error.
Any help on using https and Java API will by very much appreciated!
Re: SSL via Java API
Victory,
A couple of thoughts off the top of my head:
a) Does the user know if there are any problems with the SSL Certificate? Non-trusted authorization? Expired certificate? Perhaps something about the certificate itself may lead you to the problem.
b) Perhaps using the SSL port in the connect string may help ex:-
c) Have you tried this internally against a test vault server running https? Assuming you have an SSL cert you can assign to a machine, you should be able to configure a test environment relatively quickly.
HTH
A couple of thoughts off the top of my head:
a) Does the user know if there are any problems with the SSL Certificate? Non-trusted authorization? Expired certificate? Perhaps something about the certificate itself may lead you to the problem.
b) Perhaps using the SSL port in the connect string may help ex:-
Code: Select all
https://development.healthcaresynergy.com:443/VaultService
HTH
Jeff Clausius
SourceGear
SourceGear
Re: SSL via Java API
Jeff,
a) There does not seem to be anything wrong with the certificate. If I use IE 8 on the same machine as TeamCity I am able to connect to the site without any problems using https. The ssl certificate is issued by Go Daddy Secure Certification Authority and is valid until 7/21/2013.
b) I tried to have the VCS root connect using https://development.healthcaresynergy.c ... ultService but got the same error message.
c) I assume this would be for the TeamCity developers to try.
Damien
a) There does not seem to be anything wrong with the certificate. If I use IE 8 on the same machine as TeamCity I am able to connect to the site without any problems using https. The ssl certificate is issued by Go Daddy Secure Certification Authority and is valid until 7/21/2013.
b) I tried to have the VCS root connect using https://development.healthcaresynergy.c ... ultService but got the same error message.
c) I assume this would be for the TeamCity developers to try.
Damien
Re: SSL via Java API
Addressing c)... Yes, but there is one thing you should try first. .NET is going to store SSL certificate values in one place, and the libraries used to convert this to Java are going to use a different spot. One way around this is to import the SSL certificate in Java's keystore.
This post Using SSL with the Eclipse Plugin or Java CLC has instructions for importing the certificate.
If that does work for you, please post back to the TeamCity site so their developers also know of a possible solution.
This post Using SSL with the Eclipse Plugin or Java CLC has instructions for importing the certificate.
If that does work for you, please post back to the TeamCity site so their developers also know of a possible solution.
Jeff Clausius
SourceGear
SourceGear
Re: SSL via Java API
Hi Jeff,
I followed the instructions to the best of my ability. Not a strong Java person. I was able to run keytool to import the certificate but TeamCity still does not allow me to connect to vault using https. The instructions said something about running the command as root but I was not able to figure out what that meant. That could be part of the problem.
I followed the instructions to the best of my ability. Not a strong Java person. I was able to run keytool to import the certificate but TeamCity still does not allow me to connect to vault using https. The instructions said something about running the command as root but I was not able to figure out what that meant. That could be part of the problem.
Re: SSL via Java API
It could this has to be done under the same credentials that TeamCity would be running under. I don't have any experience with TeamCity integration. Perhaps their support staff could use this info to develop some kind of solution.
Jeff Clausius
SourceGear
SourceGear
Re: SSL via Java API
I did do this under the same account that teamcity is running. I will check with the TeamCity support people to see what we can do to resolve this.
Thank you,
Damien
Thank you,
Damien
Re: SSL via Java API
After adding the certificate to the java keystore and rebooting the machine. TeamCity is now able to connect to Vault using https.
Thanks for your help.
Damien
Thanks for your help.
Damien
Re: SSL via Java API
NP. Was it simply a matter of running "keytool" and then rebooting?dmurty wrote:After adding the certificate to the java keystore and rebooting the machine. TeamCity is now able to connect to Vault using https.
Thanks for your help.
Damien
Jeff Clausius
SourceGear
SourceGear
Re: SSL via Java API
Yes,
Just had to run the keytool and then reboot.
Thanks,
Damien
Just had to run the keytool and then reboot.
Thanks,
Damien
-
- Posts: 5
- Joined: Wed Apr 14, 2010 3:40 am
Re: SSL via Java API
Jeff,
Thanks a lot for your help!
Is running Java keytool and then rebooting the machine mandatory for all TeamCity Vault plugin users?
Or in some cases certificate can be picked up by Vault Java API somehow without this procedure?
Thanks a lot for your help!
Is running Java keytool and then rebooting the machine mandatory for all TeamCity Vault plugin users?
Or in some cases certificate can be picked up by Vault Java API somehow without this procedure?
-
- Posts: 5
- Joined: Wed Apr 14, 2010 3:40 am
Re: SSL via Java API
* I mean all TeamCity Vault plugin users interested in using https connections
Re: SSL via Java API
Victory,vbedrosova wrote:Is running Java keytool and then rebooting the machine mandatory for all TeamCity Vault plugin users? Or in some cases certificate can be picked up by Vault Java API somehow without this procedure?
The keytool is definitely req'd (see the post above). Why it took a reboot in order for that to work? To be honest, I don't really know. Perhaps the information created from keytool is only available when a JVM starts, and all that was needed was a restart of the TeamCity process. It's hard to say w/ out working with that setup.
Jeff Clausius
SourceGear
SourceGear
-
- Posts: 5
- Joined: Wed Apr 14, 2010 3:40 am
Re: SSL via Java API
Ok, then I'll investigate this aspect.