"Unable to find valid certification path to requested target" running Eclipse Application on WSS Agent host


Article ID: 233987


Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

WSS Agent users run the Eclipse application on Windows.

If the WSS Agent is disabled, the user is able to log in and access the application.

If the WSS Agent is enabled, the user gets the following error:

"MarketplaceDiscoveryStrategy failed with an error
Cannot complete request to   https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.20:
Unable to read repository at https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.20.
Unable to read repository at https://marketplace.eclipse.org/api/p?client=org.eclipse.epp.mpc.core&os=win32&platform.version=4.20.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"


Environment

WSS Agent (All versions)

Eclipse Application

Cause

Certificate pinning is enabled on the Eclipse application.

Resolution

The following two domains need to be bypassed from SSL interception for Eclipse to load and read in the project:

- www.eclipse.org

- marketplace.eclipse.org

Additional Information

When looking at the PCAPs of traffic through the tunnel and filtering on all TLS sessions, we clearly see that the TLS sessions to the above two domains fail with a fatal TLS certificate unknown error.

This error is returned by the client (WSS Agent) in response to the WSS-issued server certificate, which the client was not expecting.

Bypassing these domains from SSL inspection allows the server certificate sent by the origin server to be passed through untouched, which addresses the issue.
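
To confirm the same failure in a capture, the added example below (not part of the original article or of any WSS tooling) scans the client-to-server bytes of one TLS stream for the plaintext fatal certificate_unknown alert (level 2, description 46). It assumes the bytes were already reassembled from the PCAP and that the session is TLS 1.2 or earlier, where this alert is sent unencrypted; the function names and sample bytes are constructed for illustration.

```python
import struct

# TLS record content type and alert codes (RFC 5246 / RFC 8446).
CONTENT_ALERT = 21
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}

def iter_tls_records(stream: bytes):
    """Yield (content_type, version, payload) for each complete TLS record."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5 : offset + 5 + length]
        if len(payload) < length:      # truncated capture: stop cleanly
            break
        yield ctype, version, payload
        offset += 5 + length

def find_plaintext_alerts(stream: bytes):
    """Return [(level, description)] for unencrypted alert records.

    A plaintext alert is exactly 2 bytes; longer alert records are encrypted
    (after ChangeCipherSpec in TLS 1.2) and cannot be decoded from the capture.
    """
    alerts = []
    for ctype, _version, payload in iter_tls_records(stream):
        if ctype == CONTENT_ALERT and len(payload) == 2:
            level, desc = payload
            alerts.append((ALERT_LEVELS.get(level, f"level_{level}"),
                           ALERT_DESCRIPTIONS.get(desc, f"alert_{desc}")))
    return alerts

def rejected_server_certificate(stream: bytes) -> bool:
    """True if the client sent a fatal certificate_unknown alert."""
    return ("fatal", "certificate_unknown") in find_plaintext_alerts(stream)

# Constructed sample: client-to-server bytes of one TCP stream, a handshake
# record with a dummy 4-byte body followed by the fatal alert (0x02, 0x2e).
SAMPLE_CLIENT_BYTES = bytes.fromhex("1603030004" "01000000" "1503030002" "022e")

if __name__ == "__main__":
    print(find_plaintext_alerts(SAMPLE_CLIENT_BYTES))
```

A stream that shows this alert only while SSL interception is active, and completes its handshake once the domain is bypassed, matches the behaviour described above.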