ironbelly
Posted May 21, 2017

I didn't find any clear documentation on this, in particular about this specific case.

https://www.plasticscm.com/documentation/administration/plastic-scm-version-control-administrator-guide.shtml#Chapter12:PlasticSCMSSLcertificates

exists; however, the wording and the reference to .pem, .cer and .pfx files threw me off a bit, as my wildcard cert from Comodo didn't come with any of those files. Anyway, I figured I would write some instructions for the next person finding themselves in this situation, as it was very easy once I figured it out.

If your experience was like mine, you should have received a .crt, .csr, .key and maybe a .ca-bundle file, which you may have created yourself. What you are missing for Plastic SCM is a .pfx file, but fret not, as it is very easy to make. Just go to the dir with your key and crt files and run the following:

openssl pkcs12 -export -out STAR_YOURDOMAIN_COM.pfx -inkey STAR_YOURDOMAIN_COM.key -in STAR_YOURDOMAIN_COM.crt

Replace STAR_YOURDOMAIN_COM with whatever the name of your domain or .key / .crt files are that you've received from your cert auth.

That should generate a .pfx file. From there I just copied that file into my /opt/plasticscm5/server dir, and renamed the old ssl-certificate.pfx file to ssl-certificate.pfx.bak just to be safe.

After this I went into my /opt/plasticscm5/server dir and opened up remoting.conf for editing. You should be looking for the following line:

sslPfxFile="ssl-certificate.pfx" sslPfxFilePassword="|SoC|2ogBDa8GmifTjC7UKp4KuoF0/jWYlXy2"

Replace the ssl-certificate.pfx with your file and replace the password with whatever you set when you created the file. If you didn't specify a password you can have it empty (i.e. sslPfxFilePassword="").

The only thing I made sure of was that in my /etc/hosts file I had a hostname that linked up with this, i.e. scm.mydomain.com

That's it, restart the server and you should be off to the races without any more errors.

manu
Posted May 22, 2017

Thank you for taking your time to find the way to generate the pfx file! And thank you too for sharing this with the community!

Best,
Manu.

ironbelly
Posted May 22, 2017

I might have jumped the gun here in my celebrations. While I am no longer prompted with the accept cert message every time I connect, I am unable to replicate from one repo to another on the same server. When I go look into the debug logs I see a few things, but this seems to stand out:

Quote
2017-05-22 10:55:03,319 A-703 DEBUG Channel-SocketCallback - conn 148. awaked. total 73
2017-05-22 10:55:03,432 A-701 DEBUG Channel - The store 'Plastic Client' at 'CurrentUser' cannot be open. Error: Store Plastic Client doesn't exists.
2017-05-22 10:55:03,432 A-701 DEBUG Channel - The store 'Plastic Client' at 'CurrentUser' cannot be open. Error: Store Plastic Client doesn't exists.
2017-05-22 10:55:03,432 A-701 DEBUG Channel - The store 'My' at 'CurrentUser' cannot be open. Error: Store My doesn't exists.
2017-05-22 10:55:03,432 A-701 DEBUG Channel - The store 'My' at 'CurrentUser' cannot be open. Error: Store My doesn't exists.
2017-05-22 10:55:03,432 A-701 INFO Channel - Rejected certificate validation info:

As well as this:

Quote
Chain:
Policy:
Revocation mode: NoCheck
Revocation flags: ExcludeRoot
Verification flags: NoFlag
Verification time: 5/22/2017 10:55:03 AM
Status length: 1
* Status: PartialChain
SslPolicyErrors: RemoteCertificateChainErrors

followed by this:

Quote
Server stack trace:
  at jw.a (System.IO.Stream A_0, System.String A_1, System.Boolean A_2) [0x000a6] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at nf.a (qk A_0, System.String A_1) [0x00007] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at nf.a (n9 A_0, qk A_1, System.Boolean A_2) [0x0001a] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at mq+a.a (oo A_0, n9 A_1) [0x00047] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at n9.a (oo A_0, ad A_1) [0x000c7] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at gx.a (oo A_0, ad A_1) [0x0000c] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at ij.a (System.Runtime.Remoting.Messaging.IMessage A_0, System.Runtime.Remoting.Channels.ITransportHeaders A_1, System.IO.Stream A_2, System.Runtime.Remoting.Channels.ITransportHeaders& A_3, System.IO.Stream& A_4) [0x00017] in <2df62f03dc8e4921882c8e384f3e002d>:0
Exception rethrown at [0]:
  at (wrapper managed-to-native) System.Object:__icall_wrapper_mono_remoting_wrapper (intptr,intptr)
  at (wrapper remoting-invoke) Codice.CM.Interfaces.IReplicationHandler:ContactServer (string)
  at Codice.CM.Server.ReplicationHandler.ContactServer (System.String server) [0x0003c] in <c34ccccc06bb430cb6150e6700c9fa7c>:0
  at Codice.CM.Server.SecuredReplicationHandler.ContactServer (System.String server) [0x00009] in <c34ccccc06bb430cb6150e6700c9fa7c>:0
  at Codice.CM.Server.TransactionInterceptor.ContactServer (System.String server) [0x00011] in <2c93e393a50e463bb3c24186b17d9d40>:0
2017-05-22 10:55:03,434 W-68 ERROR PlasticProto.ConnectionFromClient - Error in ProcessMethodCall for method ContactServer. An error occurred processing the request. No more information is available. Please check the logs to get more information.
2017-05-22 10:55:03,435 W-68 DEBUG PlasticProto.ConnectionFromClient - Server stack trace:
  at jw.a (System.IO.Stream A_0, System.String A_1, System.Boolean A_2) [0x000a6] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at nf.a (qk A_0, System.String A_1) [0x00007] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at nf.a (n9 A_0, qk A_1, System.Boolean A_2) [0x0001a] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at mq+a.a (oo A_0, n9 A_1) [0x00047] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at n9.a (oo A_0, ad A_1) [0x000c7] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at gx.a (oo A_0, ad A_1) [0x0000c] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at ij.a (System.Runtime.Remoting.Messaging.IMessage A_0, System.Runtime.Remoting.Channels.ITransportHeaders A_1, System.IO.Stream A_2, System.Runtime.Remoting.Channels.ITransportHeaders& A_3, System.IO.Stream& A_4) [0x00017] in <2df62f03dc8e4921882c8e384f3e002d>:0
Exception rethrown at [0]:
  at (wrapper managed-to-native) System.Object:__icall_wrapper_mono_remoting_wrapper (intptr,intptr)
  at (wrapper remoting-invoke) Codice.CM.Interfaces.IReplicationHandler:ContactServer (string)
  at Codice.CM.Server.ReplicationHandler.ContactServer (System.String server) [0x0003c] in <c34ccccc06bb430cb6150e6700c9fa7c>:0
  at Codice.CM.Server.SecuredReplicationHandler.ContactServer (System.String server) [0x00009] in <c34ccccc06bb430cb6150e6700c9fa7c>:0
  at Codice.CM.Server.TransactionInterceptor.ContactServer (System.String server) [0x00011] in <2c93e393a50e463bb3c24186b17d9d40>:0

and ending in this:

Quote
2017-05-22 10:55:03,524 W-676 INFO Security - AuthPerCall running. bDontCheckAuth = [False]
2017-05-22 10:55:03,525 NetworkThread-17 DEBUG PlasticProto.ConnectionFromClient - conn 73. BeginReceive - setting callback
2017-05-22 10:55:03,525 W-676 00000000-0000-0000-0000-000000000000 ERROR Operations - OnError catching exception [Only the server administrator can accept a certificate on the server.] - Plastic server version: 6.0.16.920
2017-05-22 10:55:03,525 NetworkThread-17 DEBUG PlasticProto.ConnectionFromClient - conn 73. BeginReceive - callback set
2017-05-22 10:55:03,525 W-676 00000000-0000-0000-0000-000000000000 DEBUG Operations - OnError catching exception Only the server administrator can accept a certificate on the server.
  at Codice.CM.Server.SecuredInfoHandler.InstallServerCertificate (Codice.CM.Common.PlasticCertInfo cert, System.Boolean addToStore) [0x0001f] in <c34ccccc06bb430cb6150e6700c9fa7c>:0
  at Codice.CM.Server.TransactionInterceptor.InstallServerCertificate (Codice.CM.Common.PlasticCertInfo cert, System.Boolean addToStore) [0x00011] in <2c93e393a50e463bb3c24186b17d9d40>:0
2017-05-22 10:55:03,525 W-676 ERROR PlasticProto.ConnectionFromClient - Error in ProcessMethodCall for method InstallServerCertificate. Only the server administrator can accept a certificate on the server.
2017-05-22 10:55:03,526 W-676 DEBUG PlasticProto.ConnectionFromClient -
  at Codice.CM.Server.TransactionInterceptor.InstallServerCertificate (Codice.CM.Common.PlasticCertInfo cert, System.Boolean addToStore) [0x0002f] in <2c93e393a50e463bb3c24186b17d9d40>:0
  at Codice.CM.Server.TriggerInterceptor.InstallServerCertificate (Codice.CM.Common.PlasticCertInfo cert, System.Boolean addToStore) [0x00000] in <c01dd4b54ddf493d80eb3d18fe68891f>:0
  at o3.h (Codice.CM.Common.Serialization.PlasticBinaryReader A_0, qq A_1) [0x00016] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at o3.a (PlasticPipe.PlasticProtocol.Messages.PlasticMethods A_0, Codice.CM.Common.Serialization.PlasticBinaryReader A_1, qq A_2) [0x000dd] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at g2.a (PlasticPipe.PlasticProtocol.Messages.PlasticMethods A_0, Codice.CM.Common.Serialization.PlasticBinaryReader A_1, jk A_2) [0x00012] in <2df62f03dc8e4921882c8e384f3e002d>:0
  at g2.d () [0x000c9] in <2df62f03dc8e4921882c8e384f3e002d>:0

I'm confused by the "Only the server administrator can accept a certificate on the server." as my account is the server owner, so I'm not sure what more I can do to elevate this account. I couldn't see any in the perms.
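
Added example, not part of the original posts or of Plastic SCM's documentation: the PFX export from the first post, extended with a key/certificate match check, a chain check, and the -certfile option that also packs the .ca-bundle into the PFX. PartialChain in the log above is the .NET status for a chain that could not be built up to a root; that a leaf-only PFX is the cause on this server is an assumption the thread does not confirm. The CA, file names and password are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, subjects and the password are constructed.

# Succeeds when the private key and the certificate hold the same public key.
key_matches_cert() {   # $1=key  $2=crt
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Succeeds when the certificate verifies against the CA bundle.
chain_ok() {           # $1=crt  $2=bundle
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Export key + certificate; a non-empty $3 adds the bundle via -certfile.
make_pfx() {           # $1=key  $2=crt  $3=bundle or ""  $4=out  $5=password
    if [ -n "$3" ]; then
        openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" \
            -certfile "$3" -passout "pass:$5"
    else
        openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" -passout "pass:$5"
    fi
}

# Number of certificates inside the PFX (1 means leaf only).
pfx_cert_count() {     # $1=pfx  $2=password
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a throwaway CA standing in for the .ca-bundle,
# and a wildcard certificate signed by it.
demo_setup() {
    cd "$(mktemp -d)" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Demo CA" \
        -keyout ca.key -out demo.ca-bundle 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.demo.example" \
        -keyout STAR_demo.key -out STAR_demo.csr 2>/dev/null
    openssl x509 -req -in STAR_demo.csr -CA demo.ca-bundle -CAkey ca.key \
        -CAcreateserial -days 1 -out STAR_demo.crt 2>/dev/null
}

demo_setup
key_matches_cert STAR_demo.key STAR_demo.crt && echo "key matches certificate"
chain_ok STAR_demo.crt demo.ca-bundle && echo "certificate chains to bundle"
make_pfx STAR_demo.key STAR_demo.crt "" leaf-only.pfx demo-pass
make_pfx STAR_demo.key STAR_demo.crt demo.ca-bundle with-chain.pfx demo-pass
echo "leaf-only.pfx:  $(pfx_cert_count leaf-only.pfx demo-pass) certificate(s)"
echo "with-chain.pfx: $(pfx_cert_count with-chain.pfx demo-pass) certificate(s)"
```

On a real server, pass the CA-issued .key, .crt and .ca-bundle files to make_pfx in place of the constructed ones.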

manu
Posted May 29, 2017

Hi!

Check this: https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide.shtml#Howtosetupanadministratoruser

Setting the repository server owner (admin user) will remove, at least, the last error.