Eclipse UI: create repository using HTTPS and got Server not available error
search cancel

Eclipse UI: create repository using HTTPS and got Server not available error

book

Article ID: 246390

calendar_today

Updated On:

Products

Endevor Endevor - ECLIPSE Plugin

Issue/Introduction

Use Endevor Eclipse UI pluging to create repository - https://hostname:port 

Got "Server not available" error.

 

Environment

Release : 18.1

Component : ENDEVOR ECLIPSE PLUGIN 18.1.8

Cause

SSL handshake troubleshooting steps:

Update Eclipse.ini

-vmargs
-Djavax.net.debug=ssl:handshake:verbose   << add this line to Eclipse.ini

Right click Eclipse icon and choose properties, copy the full path to eclipse.exe
Open command prompt and issue the following command:
full_path_to_eclipse.exe -consoleLog -debug
This will start Eclipse in debug mode, create repository using HTTPS. 

Once issue got reproduced, go back to command prompt, cut and paste the whole contents into txt file and send it to Broadcom for tech support to review. 

Resolution

 Eclipse console log (-Djavax.net.debug=ssl:handshake:verbose added to vmargs in Eclipse.ini) shows:

"certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "xxxxxxxx",
      "signature algorithm": "xxxxxxxxxxxxx",
      "issuer"             : "CN=xxxxxxx2",
      "not before"       : "yyyy-mm-dd hh:mm:ss.xxx EDT",
      "not  after"         : "yyyy-mm-dd hh:mm:ss.xxx EDT",
      "subject"            : "CN=xxxxxxx2",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.17 Criticality=false
          SubjectAlternativeName [
            IPAddress: xxx.xxx.xxx.xxx
            DNSName: xxxxxxxxxx2
          ]
        },

The Cerificate name is xxxxxxx2 with alternative DNS name xxxxxxxxx2

And here is the error showing in the log:

javax.net.ssl|ERROR|xxxxxxxx-client-async-executor-0|yyyy-mm-dd xx:xx:xx.xxx EDT|TransportContext.java:363|Fatal (CERTIFICATE_UNKNOWN): No subject alternative DNS name matching xxxxxx2 found.

Customer is using this URL to create the repository in Eclipse UI

https://xxxxxx2:port

SSL handshake failed since xxxxxx2 is not a matching alternative DNS name. 

Workaround: 

Since IP Address is also SubjectAlternativeName, customer can use

https://ipaddress:port 

to create Eclipse UI repository (the ipaddress is the ipaddress for Endevor Tomcat and must match the IPAddress value in the certificate SubjectAlternativeName. 

Solution: 

Update the certificate SubjectAlternativeName, the value of the DSN name must match hostname of the Tomcat server. 

Restart Tomcat after the change.

For self-signed certificate, user need to export the certificate from Tomcat server (via web browser or use keytool command to export the certificate from server side keystore), then import the certificate into Eclipse JVM truststore. 

Start Eclipse and create repository using https://hostname:port