Jump to content
Sam

The remote certificate is not valid according to the validation procedure

Recommended Posts

Hello everybody,

I suddently have a problem with one of my Plastic SCM client on Windows.

Everything worked well, but since last week I can't connect to my Plastic server anymore. Nothing changes in server config nor in my client config, but now I've got this message "The remote certificate is not valid according to the validation procedure" (see attached picture).

The server has an attached domain with a valid, not expirated, certificate. But, as my client is on the same network as the server and as my box can't do loopback (domain name pointing to itself) I have an entry in my client host file to redirect domain name to local server IP address. This worked for more than 3 years without problem.

The only thing that happened last week is that I used my PC out of office, so I removed the redirect line in my client host file in order to do my commit through "real" internet. This also worked properly. But a few hours later when I restarted Plastic from my office again (with local host redirection), it began to display the error message. Server and clients were in version 7.0.16.2604, I updated my Windows client to 8.0.16.3068 but the problem did not disappear.

Two other clients (on Mac) don't suffer from the problem and continu to reach the server without problem, locally or through internet.

So my question is : is there a kind of certificate cache on Windows client ? ... Perhaps wrong data was cached when I came back to my office. I tried to clear windows ssl state in "internet options" but it had no effect.

Any idea ?

Plastic certificate problem.JPG

Share this post


Link to post
Share on other sites

Hello,

Sorry to be a little bit insistant, but I really need a solution. My small company is really impacted by this problem as we can't commit/checkout on one of our most used computer.

Thanks a lot for help

Share this post


Link to post
Share on other sites

Hi Sam, If you are a customer, please always reach us at support@codicesoftware.com for a faster answer.

There shouldn't be cached information in the GUI client after restarting it.

If you drive to preferences, are you able to "check connection" with no issues? Are you configuring your client entering the server name (or IP)?

Could you send to our support email your client log? C:\Users\<user>\AppData\Local\plastic4\logs\plastic,debug.log.txt

If you re-enter the line in your client host file, doesn't it help?

Regards,

Carlos.

 

  • Thanks 1

Share this post


Link to post
Share on other sites

Thanks for the precisions, perhaps this could help someone else on this forum.

The "check connection" produces the same error message. I connect to my server with the domain name as I always did : ssl://dyn.my-sample-domain.com:8088

I will make another test out of my office (without the line in host file). At the moment the line is present, and ... the problem too !

I'll keep you in touch with the result of test. And, if there is no good news, I'll send the log file to support.

Sincerly

Samuel T.

Share this post


Link to post
Share on other sites

I confirm that the problem is also present out of office, directly without the host redirection.

I will send a message to the support

I'll keep you in touch

 

Share this post


Link to post
Share on other sites

We finally found the problem : the issuer of our certificate does not exists anymore, and its own certificate (that certify it was a trusted CA) was no more valid.

I use the command :

openssl s_client -connect dyn.my-sample-domain.com :8088 -showcerts 

That resulted on :

verify error:num=20:unable to get local issuer certificate

So we just regenerated a new certificate from another CA ( https://www.sslforfree.com/ that uses Let's Encrypt) and the problem was solved

A huge thanks to Carlos from Plastic SCM support team, who gave me the keys to locate and solve this (not-Plastic) issue.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...