Authentication error when attempting to authenticate with the Java Toolkit to 2016.2.1 On-premise.

Document ID : KB000006360
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When using the CA Agile Central Java Toolkit to create a new connection to CA Agile Central On-Premise version 2016.2.1, you might get the following exception if you are using the default certificate within CA Agile Central:

 

“Error creating Rally asset: peer not authenticated”

 

Resolution:

Add the default certificate to the Java keystore. The method to do this will depend on your operating system.

The example below is for MAC OSx 10.10.5.

 

1. Export the certificate from your CA Agile Central On-Premise server to a temp file. (This can also be done in Firefox browser)

[User@tmp]$ echo -n | openssl s_client -connect <YOUR SERVER IP>:443 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ca.crt

 

2. Find your $JAVA_HOME environment variable value.
[User@bin]$ /usr/libexec/java_home
/Library/Java/JavaVirtualMachines/jdk1.8.0_91.jdk/Contents/Home

 

3. Change directory to your $JAVA_HOME/jre/lib/security directory.
[User@security]$ cd `/usr/libexec/java_home`/jre/lib/security
[User@security]$ pwd
/Library/Java/JavaVirtualMachines/jdk1.8.0_91.jdk/Contents/Home/jre/lib/security

 

4. Use the Java Keytool command to import the certificate into the java keystore.
[User@security]$ sudo keytool -import -trustcacerts -keystore cacerts -noprompt -alias rallyonprem -file /tmp/cert.crt

NOTE: You will need to know your keystore password to run the above command. If you have forgotten, or do not know it, there are several public articles that describe how to create a new keystore and import your existing certificates.

5. In your connection code, you might need to use the IP address of your CA Agile Central On-premise server.
RallyRestApi(URI server, String userName, String password)