
Generating a new SSL certificate


pchieffo


I'm currently evaluating PlasticSCM and I'm running into a problem on the client where functions like replication and the proxy cache are not working.  I believe this is because my server certificate was generated using the hostname.  However, I can only access the server externally by IP address.  When I do interactive commands I get a certificate warning dialog which I can click through, but internal systems don't seem to be able to handle this.  So I need to regenerate the certificate with the IP address instead of the hostname.

 

There is a KB article on generating a self-signed certificate with makecert, but then there are other forum posts by Codice support people saying this is outmoded and certificates should be generated as a .pfx file.  There is also a link to a page describing how to do this with OpenSSL.

 

So I'm following that and start to think, all I really want to do is get my proxy cache working, and now here I am installing OpenSSL on my server and starting a many step process to generate and install the certificate.  It frankly seems a little cumbersome and overly complicated.

 

When I installed the server, the installer generated a certificate for me automatically.  Is there any way to just run whatever utility did that and generate a new certificate?  I want to figure out a relatively simple process as my server will likely have to change IP now and then, and I may have to instruct other developers on how to update and change the configuration.

 

Any help would be appreciated.


Hi! Please review the article I'm attaching. It explains how to create new certificates, install them and accomplish the replications through SSL.

 

MultiSSLSetup.pdf

 

You need to make sure all the machines involved in the replication and the cache operations have your certificate installed (the Plastic SCM server can't do it by itself, so the certificate has to be installed on the machine; the same applies to the cache server).

 

If you have more questions we are here to help :)

 

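The OpenSSL route mentioned in the first post, as an added example that is not taken from MultiSSLSetup.pdf or from Codice's documentation: it creates a self-signed certificate bound to an IP address, bundles it as a .pfx, and checks that a certificate covers the address clients will connect to. It assumes the OpenSSL command-line tool and a POSIX shell; the address 203.0.113.10, the file names, the function names and the password are placeholders.

```shell
#!/bin/sh
# Added example: self-signed certificate for an IP address, plus a coverage check.
# 203.0.113.10 (documentation range), file names and password are placeholders.

# make_ip_cert IP OUTDIR: writes key.pem, cert.pem and server.pfx into OUTDIR.
make_ip_cert() {
    ip=$1; out=$2
    # Use a config file instead of -addext so older OpenSSL builds work too.
    # The IP goes into subjectAltName: IP checks look there, not at the CN.
    cat > "$out/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$out/req.cnf" \
        -keyout "$out/key.pem" -out "$out/cert.pem" 2>/dev/null || return 1
    # Bundle key and certificate as PKCS#12 (.pfx); replace the password.
    openssl pkcs12 -export -inkey "$out/key.pem" -in "$out/cert.pem" \
        -out "$out/server.pfx" -passout pass:CHANGE_ME
}

# cert_covers_ip CERT IP: exit status 0 only if CERT is valid for IP.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# cert_names CERT: print the subject and SAN entries for manual inspection.
cert_names() {
    openssl x509 -in "$1" -noout -subject
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# Usage: make_ip_cert 203.0.113.10 . && cert_covers_ip ./cert.pem 203.0.113.10
```

Running cert_covers_ip against the certificate the server currently presents shows whether a hostname-only certificate is the reason connections by IP address are rejected. A self-signed certificate still has to be installed as trusted on every machine that connects.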

Hi Manu,

Thanks for the quick reply! These instructions worked great, I created the new certificate and installed it on the client and server without a problem. I can now start the Plastic client without any warnings or errors. Unfortunately the cache and replication are still not working.

For the replication, I've tried it both ways, and I'm seeing the following errors:

post-28316-0-56847400-1416000552.jpg

My server log looks like this:

2014-11-14 16:11:32,539 NT AUTHORITY\SYSTEM at INFO ChannelCall - recb: 526|rect: 0|sentb: 655|sendt: 0|prt: 0|th: 15|dest: 0|mt: 0|sert: 0|zip: 0| 192.168.1.134|GetRepositoryList

2014-11-14 16:11:53,129 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at PCHIEFFO-PC INFO Operations - Get repository info default

2014-11-14 16:11:53,130 NT AUTHORITY\SYSTEM at INFO ChannelCall - recb: 753|rect: 0|sentb: 519|sendt: 0|prt: 0|th: 13|dest: 0|mt: 0|sert: 0|zip: 0| 192.168.1.134|GetRepositoryInfo

2014-11-14 16:11:53,938 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at PCHIEFFO-PC ERROR Operations - Plastic server version: 5.0.44.616

2014-11-14 16:11:53,938 00000000-0000-0000-0000-000000000000 NT AUTHORITY\SYSTEM at PCHIEFFO-PC ERROR Operations - OnError catching exception The authentication or decryption has failed.: XXX.XXX.XXX.XXX:8088

2014-11-14 16:11:53,989 NT AUTHORITY\SYSTEM at ERROR Codice.CM.Server.ExceptionTracerSink - Dumping in-transit exception:There has been an unexpected error "The authentication or decryption has failed.: XXX.XXX.XXX.XXX:8088". For more information check the server log.

2014-11-14 16:11:53,991 NT AUTHORITY\SYSTEM at INFO ChannelCall - recb: 1312|rect: 0|sentb: 1886|sendt: 0|prt: 842|th: 15|dest: 0|mt: 826|sert: 16|zip: 0| 192.168.1.134|GetReplicationSyncStatus

I'm able to connect and sync directly to this server from the client with no errors or dialogs, so the connection seems to work, except for the replication and proxy cache.

Thanks!

Paul


Hi,

 

"I'm able to connect and sync directly..." --> You mean that you are able to perform the replica from the branch explorer --> right-click --> replicate??

 

If not, could you try it?

 

Anyway, I'm going to test the same scenario to check if something is wrong with the sync view and SSL certificates.

 

Regards,

Carlos


Hi Carlos,

 

No, I'm not able to do that either.  When I try to pull a branch from the remote server, I specify the server IP:port in the replication dialog, but when I try to browse for a repository I get a popup that says: "Unknown response message from server <IP>:<port>".  So this doesn't work either.

 

What I meant when I said I could connect directly is that on my local machine, I have set up a workspace that is connected to a repository on the remote server.  I'm able to sync and check in to this repository from my local machine.

 

I'm attempting to set up a proxy server to cache the sync operations to the remote server.  I'm also attempting to set up a repository in my local server that is replicated to the remote repository.  It's all of these operations that are failing.

 

BTW, I know it's probably strange to be setting up all of these connection types in parallel.  I'm doing that as part of the evaluation of PlasticSCM so I can get an idea of its functionality.  But if I need to do these one at a time or in a certain sequence I can do that also, just let me know.

 

Thanks,

Paul


Also, as another data point, I set up a client on another machine locally.  It's behaving the same way, I can connect to the remote repository directly, sync data, check in and check out, etc. but I can't run the proxy cache.  It's reporting "Can't create channel sink" errors just like my first client.


Hi,

 

I'm able to reproduce the issue when using the sync view. We are going to review it, but using the Branch explorer or the command line, it should work properly:

 

 

- Command line:  cm replicate br:/main@default@localhost:8087 repoRemote@ssl://remoteServer:8088
 
- Branch explorer --> replicate:  Remember that you should enter something like "ssl://serverName:8088" in the replication dialog (if you don't enter the protocol, you will not be able to perform the replication).
 
 
Regards,
Carlos

I couldn't get the command line or GUI to work either.  In the command line, I got several messages saying "CalculatingInitialChangeset" and then "Error: no such host is known".

 

In the GUI, a dialog popped up that said "The authentication or decryption has failed: XXX.XXX.XXX.XXX:8088".


Archived

This topic is now archived and is closed to further replies.
