Jump to content

Command line and Certificate name issue


SilverKnight

Recommended Posts

Posted

Any idea how to solve this problem (short of turning off SSL connections)?

 

I want to perform a cm crt on a file listed as binary when it should be listed as text - so I created a batch file to run it for all such files.

When I actually installed and named the server, the server name is as displayed in the cert line below - Plastic01 with capital P.

The GUI works fine, and all of the .config files actually have it specified with a capital. -- the command line lists the server name in lower case.

WARNING: the secure connection hostname provided in the server
certificate doesn't match the server's hostname. This means that the
certificate was not issued to this hostname or that there is a network
configuration problem with this host.

- Certificate hostname: CN=Plastic01.gohealthcast.com
- Server hostname: CN=plastic01.gohealthcast.com

If you want to continue connecting to this host, choose 'Yes'. The certificate
  validation will continue (not recommended).
If you want to abandon the connection, choose 'No' (recommended).

Choose an option (Y)es, (N)o (hitting Enter selects 'No'):

no matter what option I use, it prompts with this message for EVERY file - even when I confirm to use it anyway, I get this message

The server you are connecting to has sent a certificate that is not in the
store. This is normal if it is the first time that you connect to this server.

Certificate details:
- Issued to: CN=Plastic01.gohealthcast.com
- Issued by: CN=Plastic01.gohealthcast.com
- Expiration date: 3/21/2023 5:20:13 PM
- Certificate hash: 7B1FA6D79BB4C567C30EE5DD23CCC24D0670EA71

If you trust this host, choose 'Yes' to add the key to Plastic SCM's key store
  (recommended if it is the first time you connect to this server).
If you want to carry on connecting just once, without adding the key to the
  store, choose 'No'.
If you do not trust this host, choose 'Cancel' to abandon the connection.


Choose an option (Y)es, (N)o, (C)ancel (hitting Enter cancels):

Hitting YES here lets the command execute, but does NOT put the cert name in the store, I expect because it shows correctly (and is probably already present under the store with the correct case in the name) - consequently, it continuously prompts for every file with no way to "mass confirm"

Posted

Hi,

 

Can you check if the certificate is properly stored? (Start --> Search --> certmgr.msc)

 

Can you run: "platic --configure" and check if the client is trying to connect to  Plastic01 server (with capital P)

 

Anyway, if you are trying to change the revision type from binary to text, you may find interesting this blog post: http://codicesoftware.blogspot.com/2008/03/custom-file-types.html

It explains how to configure "filetypes.conf" file to determine which files should be added as "binary" or "text".

 

Regards,

Carlos

Posted

It shows up in certmgr under:

Plastic Client\Certificates - Issued to Plastic01.gohealthcast.com and Issued By Plastic01.gohealthcast.com

So that looks correct.

 

plastic --configure shows

Plastic01.gohealthcast.com  -Port: 8088

Use encryption (SSL) checked

 

 

The only reason I need to actually switch from binary to text is that I performed a conversion of a CVS project - so it marked every file as binary during the export.

So, I wrote a batch file do mark all of my project code files as text - this is when I ran into the problem. -- there are about 10,000 files in the project, and it was being prompted for each one.

 

 

As the post above also shows, the certificate is correct
 

 

Certificate details:
- Issued to: CN=Plastic01.gohealthcast.com
- Issued by: CN=Plastic01.gohealthcast.com

 

 

Somehow, the server name will come back with the incorrect case when using the command line

 

- Certificate hostname: CN=Plastic01.gohealthcast.com
- Server hostname: CN=plastic01.gohealthcast.com

 

 

I was not able to find any configuration file with the lower-case server name, so it must pull this from the server dynamically to ensure it is connecting to a valid server by comparing the server name with the certificate - but it is case sensitive.

 

 

 

Not sure if it was a fluke or what, but I tried repeatedly (5-6 times) and it prompted every time.  I then tried to turn off SSL for the project, but was unsuccessful at switching it (there were a lot of errors as a result of re-configuring the client with an existing workspace) - however, after messing with it for a couple of hours and getting the project back to using SSL properly, the error went away.  Running the batch file after this attempted switch resulted in the first 2 files being prompted for, but then the remaining files worked properly with no further prompting.

  • 4 years later...
Posted

Could you give us more details? What is the error you are getting?

Are you using a custom certificate?

Could you run "cm lrep" from the Jenkins machine?

Regards,

Carlos.

Posted

Could you run the "cm lrep" command in your Jenkins machine? I t should ask you to store the certificate. After accepting the certificate, you shouldn't be requested to accept it again. 

Regards,

Carlos.

 

Posted

How can I acces to command console in Jenkins?

If I execute the command from the windows terminal, the option to store the certificate does not appear.

Regards.

Posted

Hello @alex_co,

15 hours ago, alex_co said:

How can I acces to command console in Jenkins?

It's not a Jenkins command console, it's a regular windows command console window as I can see you have Jenkins installed on a Windows machine. So open a command line window as the user running the Jenkins service (it might be the administrator but it's worth if you check it, you can open a command console using runas -> https://technet.microsoft.com/es-es/library/cc771525(v=ws.10).aspx), once you have the console run the "cm lrep" command, it should ask you to accept the certificate.

15 hours ago, alex_co said:

If I execute the command from the windows terminal, the option to store the certificate does not appear.

Yep, I think it's because the regular user you are using it's having the certificate already accepted, you need to do what's explained above with the jenkins windows service user.

Hope it helps!

Posted

Hi @manu,

1 hour ago, manu said:

Yep, I think it's because the regular user you are using it's having the certificate already accepted, you need to do what's explained above with the jenkins windows service user.

This was the problem. I've changed the user who starts the service and the error has disappeared.

Thanks a lot @manu and @calbzam!!

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...