Rally - certificate verify failed on request Error when using work item connector

book

Article ID: 206075

calendar_today

Updated On:

Products

CA Agile Central SaaS (Rally) Rally Saas CA Agile Central On Premise (Rally) Rally Perpetual Hosted

Issue/Introduction

When running a work item connector such as the HP ALM or Jira connector and using an HTTPS connection, the connector fails and the following error is shown in the logs:

2021-01-06 07:51:32 Z - RallyEIF::WRK::QCConnection.initialize - Unable to connect to https://jira.company.com/qcbin: Exception raised in authenticate QCAPI: - rescued exception - SSL_connect returned=1 errno=0 state=error: certificate verify failed on request to https://jira.company.com/qcbin/authentication-point/authenticate

 

 

Cause

The error is due to the use of, what Ruby believes to be, an untrusted certificate.  This is most often seen when using a self-signed certificate or a certificate issued by a private certificate authority as opposed to public certificate authorities such as Digicert or Verisign.

Ruby maintains its own root certificate store, so it is necessary to add your certificate chain to its certificate store.  

Environment

Release : 1.0

Component : API FOR AGILE CENTRAL

Resolution

As this is something that can vary from operating system to operating system and not directly related to the connector, we are limited in our ability to support this process.

Here are some links that may be helpful for resolving this error:

 

As a workaround, it is possible to disable the verification of the certificate in Ruby, but the connector will still pass encrypted traffic. By doing this, there is no way the connector will know that someone has tampered with the certificate.

To disable the certificate verification in the connector:
Log into your server that you're setting up with the connector
Run 'gem environment' to locate your gems directory (mine is /var/lib/gems/2.2.0/gems)
$ sudo vi httpclient-2.6.0.1/lib/httpclient/ssl_config.rb
Scroll down to line 87 and change it to read:
@verify_mode = SSL::VERIFY_NONE
Save it and run the connector.