lethil Posted February 24, 2013 Report Share Posted February 24, 2013 Hello! I'm currently evaluating PlasticSCM for our team and it is great so far! I've run into a snag though. I was previously running the server on Windows Server 2008 R2 in Active Directory authentication, but my team ran into a problem because the remote machines weren't part of the same domain. We've switched over to LDAP authentication set for Active Directory, but there's a snag. We can connect without SSL, but we get the following error: "The authentication or decryption has failed.: domainname.net:8088" According to what I've found, it sounds as though the self-signed cert wasn't enough for LDAP auth. I tried a domain-specific self-signed cert, but it still had the same problem. I decided to move to our official wildcard PFX cert (P12 export), which has *.domainname.net on it. It gives me the exact same error. We also tried hitting the site with "www.domainname.net" but we had the same error again. For the time being, we're using unencrypted connections for our evaluation until we can figure this out. Any idea what the issue could be? Thanks! Jason Link to comment Share on other sites More sharing options...
manu Posted February 25, 2013 Report Share Posted February 25, 2013 Hi Jason, We can connect without SSL, but we get the following error: "The authentication or decryption has failed.: domainname.net:8088" Can you confirm that you are getting that error with the regular connection mode? Do you think it's possible to arrange an online meeting for this week in order to get more information? Link to comment Share on other sites More sharing options...
lethil Posted February 25, 2013 Author Report Share Posted February 25, 2013 I'm not 100% sure what you mean by "regular connection mode". Do you mean without HTTPS? I can connect via LDAP on HTTP using domainname.com. I am available in the evening between tonight and Wednesday night after 7pm. I'm in the Pacific Time Zone. Link to comment Share on other sites More sharing options...
manu Posted February 26, 2013 Report Share Posted February 26, 2013 Hi lethil, sorry, I meant without the SSL connection. The regular one using the 8087 port instead of 8088. Link to comment Share on other sites More sharing options...
lethil Posted February 26, 2013 Author Report Share Posted February 26, 2013 Yes. I can connect to 8087 without difficulty with LDAP-based authentication. Link to comment Share on other sites More sharing options...
manu Posted February 26, 2013 Report Share Posted February 26, 2013 Ok, in that case it seems that there's an issue reading/sending the custom certificate. Can you please tell us how the certificate was generated? Link to comment Share on other sites More sharing options...
lethil Posted February 26, 2013 Author Report Share Posted February 26, 2013 It's a godaddy cert that was generated on IIS7 and exported for other use. We've currently used this pfx on 2 other IIS machines and it's running in Tomcat successfully on our JIRA instance. Link to comment Share on other sites More sharing options...
lethil Posted February 27, 2013 Author Report Share Posted February 27, 2013 Good news! I discovered that I'm able to connect successfully, despite the error given while testing the connection. If I ignore the error during the connection test and finish the wizard, I'm able to connect via SSL and interact with the repository. I still get the warnings about the SSL not matching though. I'm guessing that the application is making assumptions that a wildcard domain (like *.domainname.net) doesn't match a root domain (like domainname.net) and errors out somewhere in the code. In short, it's not a great startup experience since I have to accept the "errors" about my SSL domain not matching, but it works. . Link to comment Share on other sites More sharing options...
lethil Posted February 28, 2013 Author Report Share Posted February 28, 2013 Also worth noting, the SSL connection as described above doesn't work for the TeamCity functionality. I'm forced to use non-SSL in order for the TeamCity builds to work. Link to comment Share on other sites More sharing options...
manu Posted March 1, 2013 Report Share Posted March 1, 2013 I see, I'll insert the issue into our bug tracking system. Thanks for reporting it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.