Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
This is not a question. This is an answer to a very specific case - if you are behind a domain integrated HTTP/HTTPS proxy that insists in intercepting the HTTPS traffic. And a small comment on security. This particular experience is from Talend 7.0.
It starts with:
Network is unavailable, please fix it.
Except... it is fully available as far as you know... You quickly find that you need a proxy configured. But it does not work. Talend stays stubbornly offline.
That is because the studio at startup tries to access talend.com over https and if it fails... well, you MUST be offline... Had to go read sourcecode on github for that bit of wisdom.
First clue can be found in workspace\.metadata\.log
There will be a bunch of SSL certificate chain validation errors for maven if the proxy is configured right. That's because your employer insists reading your ssl traffic and thus has substituted the certificate with a chain of it's own.
Security note - there will also be your proxy password in plain text. Not a good thing if it is also your domain password...
So what you can do about the SSL errors? If you do not have control over the jvm... not much. but if you do... you can import the naughty intercept CAs into java cacert store with keytool like so:
C:\Program Files\Java\jdk1.8.0_162>.\bin\keytool -keystore jre\lib\security\cacerts -importcert -alias aliasforca -file "c:\tmp\cacert.cer"
Enter keystore password:
Certificate was added to keystore
the password is changeit in all java installs.
you may wonder where I got the certs... well you can browse to site and see/export the cert chain used. And hey presto. It works.
Enjoy this small bit of wisdom
@thade wrote:
This is not a question. This is an answer to a very specific case - if you are behind a domain integrated HTTP/HTTPS proxy that insists in intercepting the HTTPS traffic. And a small comment on security. This particular experience is from Talend 7.0.
It starts with:
Network is unavailable, please fix it.
Except... it is fully available as far as you know... You quickly find that you need a proxy configured. But it does not work. Talend stays stubbornly offline.
That is because the studio at startup tries to access talend.com over https and if it fails... well, you MUST be offline... Had to go read sourcecode on github for that bit of wisdom.
First clue can be found in workspace\.metadata\.log
There will be a bunch of SSL certificate chain validation errors for maven if the proxy is configured right. That's because your employer insists reading your ssl traffic and thus has substituted the certificate with a chain of it's own.
Security note - there will also be your proxy password in plain text. Not a good thing if it is also your domain password...
So what you can do about the SSL errors? If you do not have control over the jvm... not much. but if you do... you can import the naughty intercept CAs into java cacert store with keytool like so:
C:\Program Files\Java\jdk1.8.0_162>.\bin\keytool -keystore jre\lib\security\cacerts -importcert -alias aliasforca -file "c:\tmp\cacert.cer"
Enter keystore password:
Certificate was added to keystore
the password is changeit in all java installs.
you may wonder where I got the certs... well you can browse to site and see/export the cert chain used. And hey presto. It works.
Enjoy this small bit of wisdom
Can you elaborate a bit more on this? The corporate cert should be imported into the store correct? The "-keystore" parameter doesn't appear to be valid so I removed it and was able to add the certificate but still get the error.
Yeah I tried changing to manual. Still just gives the X so I don't really know what the problem is.
