Posts posted by gusdpr

  1. I contacted Plastic support and they helped me to resolve the problem. Quoting Manuel from Codice software:

     

    "I think the issue is because the local Plastic SCM server is trying to automatically install the remote server certificate. This is only possible if you are the local 'Plastic SCM Server root' which is the repository server owner.

    It's always a good idea to change the default repository server owner to yourself if you are working distributed so you will have full control of your repository data.

    In order to do it: open the repositories view, right click in any of your local repositories and select "Repository server permissions", at the ACL dialog change the owner to yourself.

    After doing that retry the replication operation."


    To create your self-signed certificate follow the following instructions:

    http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

    Then to convert the crt file generated from the instructions above to a pfx follow the next steps:

    http://www.networkinghowtos.com/howto/convert-certificate-file-from-crt-to-pfx-using-openssl/

    All the instructions use OpenSSL and I confirm they work.

     

    Hopefully this helps everyone who had this issue before.

     

    Thanks Plastic staff!

    Gus

  2. Hi Plastic SCM staff, Carlos,

     

    I started this topic a while ago. Now that I finally decided to pay my own Plastic monthly subscription, I tried to do exactly the same thing as described in my first post. Unfortunately this problem persists!

     

    Using sync replication doesn't work with self signed certificates. However, creating a workspace by setting the "WorkspaceServer" in client.conf to point to the server by using ssl:// and port 8088 works perfectly fine, this shows the ssl connection is done successfully using this mode. Unfortunately this is not optimal for me and my team since we work in distributed mode (not centralized) so we need the replication functionality working with an encrypted connection and a self-signed certificate.

     

    The error that is shown in the sync replication window says "Error: Only the server administrator can accept a certificate on the server". This is shown after I try to replicate and a pop-up window asks if I want to accept the certificate; pressing "Yes" shows the error (running Plastic with Administrator privileges makes no difference at all on Windows 7). The error makes no sense after trying with administrator access.

     

    Here is the server error log, it shows the real problem, the certificate was rejected because it is not signed by a CA authority:

    2015-07-17 21:13:57,301 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC INFO  Channel - The certificate 1873BLAH has been rejected by the user
    2015-07-17 21:13:57,301 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC INFO  Channel - Rejected certificate validation info:
      Sender: System.Net.Security.SslStream
      Certificate:
        SHA1: 1873BLAH
        MD5: 790MEH
        Subject: CN=aaa.ccc.com, O=theserver, S=CA, C=US
        Issuer: CN=aaa.ccc.com, O=theserver, S=CA, C=US
        Expiration: 11/18/2018 12:43:06 AM
        Version: 3
      Chain:
        Policy:
          Revocation mode: NoCheck
          Revocation flags: ExcludeRoot
          Verification flags: NoFlag
          Verification time: 7/17/2015 9:13:57 PM
        Status lenght: 1
          * Status: UntrustedRoot
      SslPolicyErrors: RemoteCertificateChainErrors

    2015-07-17 21:13:57,301 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC ERROR Operations - OnError catching exception [An error occurred processing the request. No more information is available. Please, check the logs to get more information.] - Plastic server version: 5.4.16.666
    2015-07-17 21:13:57,301  NT AUTHORITY\SYSTEM at  ERROR ExceptionTracerSink - Dumping in-transit exception:An error occurred processing the request. No more information is available. Please, check the logs to get more information.
    2015-07-17 21:13:57,301  NT AUTHORITY\SYSTEM at  INFO  ChannelCall - recb:  1419|rect:  0|sentb:  3557|sendt:  0|prt:      32|th:   16|dest:   0|mt:      32|sert:   0|zip:   0|      10.0.0.169|GetReplicationSyncStatus
    2015-07-17 21:13:58,970 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC ERROR Operations - OnError catching exception [Only the server administrator can accept a certificate on the server.] - Plastic server version: 5.4.16.666
    2015-07-17 21:13:58,970  NT AUTHORITY\SYSTEM at  ERROR ExceptionTracerSink - Dumping in-transit exception:Only the server administrator can accept a certificate on the server.
     

    Furthermore, adding the self-signed certificate as a CA and in the Plastic Client certificate folders using certmgr has absolutely no effect in this case; the same pop-up window is shown asking if I want to install the certificate, and pressing yes makes the error happen in all cases.

     

    Please see the attached screenshots of the issue showing the error and another one showing using a non-distributed (centralized connection) workspace works without issues. This shows there is a possible bug in the sync replication functionality which has not been solved yet.

     

    Please fix this problem, it's been quite a while since this was reported :(. I'm using Plastic 5.4.16.666 - Barcelona at the moment.

     

    Regards,

    Gus

    post-28234-0-31474000-1437196671_thumb.png

    post-28234-0-85595100-1437197533_thumb.png
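
The diagnosis in the post above (Subject and Issuer are identical and the chain status is UntrustedRoot) can be read mechanically from the server log. This is an added example, not part of the original post and not Plastic SCM code; it assumes the log layout shown in the excerpt, and the function names `parse_rejections` and `diagnose` are hypothetical.

```python
import re

# Constructed sample modelled on the log excerpt above (placeholder values as posted).
SAMPLE_LOG = r"""2015-07-17 21:13:57,301 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC INFO  Channel - Rejected certificate validation info:
    SHA1: 1873BLAH
    Subject: CN=aaa.ccc.com, O=theserver, S=CA, C=US
    Issuer: CN=aaa.ccc.com, O=theserver, S=CA, C=US
  Chain:
    Status lenght: 1
      * Status: UntrustedRoot
  SslPolicyErrors: RemoteCertificateChainErrors
2015-07-17 21:13:58,970 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at MY-PC ERROR Operations - OnError catching exception [Only the server administrator can accept a certificate on the server.] - Plastic server version: 5.4.16.666
"""

HEADER = "Rejected certificate validation info:"
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FIELD = re.compile(r"^\s*(?:\*\s*)?(SHA1|Subject|Issuer|Status|SslPolicyErrors):\s*(.+?)\s*$")

def parse_rejections(log_text):
    """Return one dict per rejected-certificate block found in the log."""
    blocks, current = [], None
    for line in log_text.splitlines():
        if TIMESTAMP.match(line):
            # Any timestamped line closes the open block; the header opens a new one.
            current = {"statuses": []} if line.rstrip().endswith(HEADER) else None
            if current is not None:
                blocks.append(current)
            continue
        match = FIELD.match(line) if current is not None else None
        if not match:
            continue
        key, value = match.groups()
        if key == "Status":
            current["statuses"].append(value)  # the chain may report several
        else:
            current[key.lower()] = value
    return blocks

def diagnose(block):
    """Classify a block using only the fields the log provides."""
    self_issued = "subject" in block and block["subject"] == block.get("issuer")
    untrusted = "UntrustedRoot" in block["statuses"]
    if self_issued and untrusted:
        return "self-issued certificate, root not trusted"
    if untrusted:
        return "chain ends in an untrusted root"
    return "rejected for another reason: " + ", ".join(block["statuses"] or ["unknown"])

print([diagnose(b) for b in parse_rejections(SAMPLE_LOG)])
```
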

  3. Hi all,

    I have tried using the newest Plastic SCM 5.4.16.619 (Nottingham) to see if this issue was solved. I still experience the same problem, however the server is a little more loud this time as well as the UI. These are the logs from both sides:

    Local server:

    2014-11-08 16:37:40,703 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at GUS-PC ERROR Operations - OnError catching exception The authentication or decryption has failed.: zzz.yyy.com:8088. Internal: Channel SSL UI is not initialized

     

    Remote server:

     

    2014-11-08 16:35:44,335 (null) NT AUTHORITY\SYSTEM at (null) INFO  Channel - conn  268. Authentication failed because the remote party has closed the transport stream.

     

    Carlos, can we get some help to figure out what "SSL UI" means for Plastic?

     

    Thanks,

    Gus
     

  4. Hi Sam, thanks for sharing. Now I don't feel alone :)

     

    Here you have the steps I did to create my certificate using openssl, it works without a problem (look at the end of the thread). See David's response on the same thread where he clearly says the current instructions are supposed to be obsolete in favor of using pfx files instead:

     

    http://www.plasticscm.net/index.php?/topic/741-ssl-certificate-issues/?hl=openssl#entry3719

     

    Do not follow the guide that was shared with you on your other thread to create the certificate, it just doesn't work creating it with the .NET SDK. I already tried myself, use openssl.

  5. Good day Plastic SCM staff,

     

    I have a problem regarding replicating two repositories using an SSL connection with Plastic SCM 5.0.44.600. Both repositories are in two different PCs running Windows on my same network. One of the PCs is the central server, it has a self-signed certificate that has proven to work correctly since I have tested the following works fine:

     

    + Creating a workspace with SSL connection on the server itself (on a localhost SSL connection using the server's name per the certificate)

    + Direct client to server workspace using SSL connection (no local client repository involved). I can navigate the remote repository branches with the secure connection. Certificate installed properly when attempting to connect.

     

    So I know I don't have problems communicating securely with the server with those configurations. However the problem arises when I try to create a repository on the client and then replicate what's inside the server's repository using a secure connection. I get the following error in the UI panel when I try to replicate:

     

    "Error: The authentication or decryption has failed: myserver.yyy.zzz:8088"

     

    Changing the server's address with port 8087 works without issue. So I'm suspecting there is a bug or configuration issue somewhere. Can you help me to figure out what's wrong? Unfortunately there is no documentation on how to set up the configuration I'm working on. You really need to work on creating much more accurate information; I needed to read multiple forums to get this working, and existing documentation is very old and doesn't help much with more complex scenarios (like using and generating pfx files with Plastic, what to do with the certificate on the clients, etc).

     

    * More info

     

    My workspace selector on the client (which works without a problem):

     

    repository "remote_repo@ssl://myserver.yyy.zzz:8088"

     

    Regards,

    Gus
