search cancel

Authentication error when attempting to authenticate with the Java Toolkit to 2016.2.1 On-premise.


Article ID: 6360


Updated On:


CA Agile Central On Premise (Rally)


When using the CA Agile Central Java Toolkit to create a new connection to CA Agile Central On-Premise version 2016.2.1, you might get the following exception if you are using the default certificate within CA Agile Central:


“Error creating Rally asset: peer not authenticated”



Component: ACPREM


Add the default certificate to the Java keystore. The method to do this will depend on your operating system.

The example below is for MAC OSx 10.10.5.


1. Export the certificate from your CA Agile Central On-Premise server to a temp file. (This can also be done in Firefox browser)

[[email protected]]$ echo -n | openssl s_client -connect <YOUR SERVER IP>:443 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ca.crt


2. Find your $JAVA_HOME environment variable value.
[[email protected]]$ /usr/libexec/java_home


3. Change directory to your $JAVA_HOME/jre/lib/security directory.
[[email protected]]$ cd `/usr/libexec/java_home`/jre/lib/security
[[email protected]]$ pwd


4. Use the Java Keytool command to import the certificate into the java keystore.
[[email protected]]$ sudo keytool -import -trustcacerts -keystore cacerts -noprompt -alias rallyonprem -file /tmp/cert.crt

NOTE: You will need to know your keystore password to run the above command. If you have forgotten, or do not know it, there are several public articles that describe how to create a new keystore and import your existing certificates.

5. In your connection code, you might need to use the IP address of your CA Agile Central On-premise server.
RallyRestApi(URI server, String userName, String password)