This article describes how to make Upsource connect to a VCS server using a self-signed certificate.
When testing connection to the repository you might get the following error:
List remote refs failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
svn: E200015: Server SSL certificate for `https://my-svn-server:443` rejected
Most likely you are using a self-signed certificate that is not trusted by the Java virtual machine Upsource is running on.
You will need to import your custom certificate into JVM.
To import the certificate you exported into trust.keystore, run the following command:
keytool -import -alias my-vcs-server-host -keystore <Upsource_dir>internal/java/linux-x64/jre/lib/security/cacerts -file path-to-certificate-file
where my-vcs-server-host is an alias of your VCS server specified in the certificate and <Upsource_dir>internal/java/linux-x64/jre/lib/security/cacerts is the path to the cacerts file inside the Upsource distribution. On Windows it can be found at <Upsource_dir>internal/java/windows-amd64/jre/lib/security/cacerts. If you are running Upsource using your own JVM rather than the bundled one, you should specify the path correspondingly.
Note: the default keystore password of the bundled JVM is changeit
Under Windows it is also possible to install the certificate using a GUI program:
- Download and install Portecle on the server running Upsource. Portecle is a user-friendly GUI application for managing certificates.
- Select Examine SSL/TLS Connection under Examine menu.
- Enter the SSL Host and Port of your VCS server.
- In the newly opened window, click on PEM encoding and save the .pem file.
- On the main screen, click Open an existing keystore from disk icon and select the cacerts file.
- Click the Import a trusted certificate into the loaded keystore icon, select the .pem file that you obtained in step 4 and export it to cacerts.
After that, restart the Upsource server and check if it can connect to the repo.
For more information please refer to the following Oracle article about self-signed certificates.