My client-certificate toil, Part 2/2
As I already listed in the first post of this duet, I want to integrate my Eclipse installation with a 3rd-party managed configuration management environment. The first part of this post dealt with the integration of subversion, but now I want to integrate Mylyn with the Trac-environment that is part of the CMaaS providers offering.
This all starts with entering a new task repository in the “SVN Repository Exploring” perspective:
I selected the Trac repository type and clicked Next:
However, clicking ‘Validate Settings’ yields an error:
Uhoh…. The Mylyn FAQ indicates that this is caused by a missing certificate in the Eclipse keystore. It suggests executing the following command on a commandline:
keytool -import -keystore /path/to/.eclipsekeystore -file /tmp/certificate.pem
This would import the certificate into the keystore. Unfortunately, my certificate is in PKCS#12 format and not in PEM format which is required by the Java JDK keytool. Thus, keytool complains with an error: “keytool error: java.lang.Exception: Input not an X.509 certificate“.
We will need a way to convert the PKCS#12 certificate into a PEM certificate. This is best done using OpenSSL. A download for Windows XP can be found here. After downloading and installing OpenSSL, I executed the following commands on the commandline:
openssl pkcs12 -in cert.P12 -out userkey.pem -nocerts
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
openssl pkcs12 -in cert.P12 -out usercert.pem -nokeys -clcerts
Enter Import Password:
MAC verified OK
Now we have an almost usable certificate and a separate key. The openssl command includes a pre-amble in the certificate that keytools will complain about. Open userkey.pem in an editor and remove everything above the “—–BEGIN CERTIFICATE—–” line. After re-running keytool, the following output appeared:
keytool -import -keystore <path_to_eclipse_keystore>\.eclipsekeystore -file usercert.pem
Enter keystore password:
Re-enter new password:
< skipped output to protect the innocent >
Trust this certificate? [no]: yes
Certificate was added to keystore
Now the keystore is created and we can add it to eclipse by including the following lines in eclipse.ini:
-Djavax.net.ssl.keyStore=\path\to\.eclipsekeystore
-Djavax.net.ssl.keyStorePassword=123456
But what do you know… It still doesn’t work and the error shown below presents itself…
I found a bug in the Eclipse bugzilla that seems to refer to the exact same problem, therefore I think that this little quest is halted till this issue is solved. I’ll post updates when there are new developments.
Related posts:
As you may have read on this blog before, I’ve been trying to marry Mylyn to the company provided Trac server. This integration has been unsuccessful as to now, as I receive a handshake_failure every time I try to validate the settings:
I’ve decided to t
Finally! Mylyn is working in conjunction with encrypted client certificates. I started to think that this was impossible, as the server admins also have been fighting with client certificates in Java. But during my search on the Internet, I came across th