Operations Orchestration (OO): Unable to connect to GIT from Studio

  • KM02929086
  • 28-Aug-2017
  • 21-May-2021

Summary

Unable to connect to GIT from Studio. Receive error: unable to find valid certification path to requested target

Question

Unable to connect to GIT from Studio. Receive error: unable to find valid certification path to requested target. How can this be resolved?

Answer

If the Central, SVN, or GIT servers use custom certificates, Studio can work with them only after you import the trusted root certificate authority (CA) into the Studio client.truststore file. If you are using a well-known root CA (like Verisign), you do not have to perform the following procedure, because the certificate will already be in the client.truststore file.


By default, HPE OO supports all self-signed certificates. However, in a production environment, it is recommended to change this default to a custom CA or a well known CA for security reasons.


For a fresh .oo folder, Studio copies the client.truststore file from <installation.dir>/studio/var/security to the <user>/.oo folder. This is a one-time action, in order to ensure that Studio can automatically import certificates (for example, for the Studio Remote Debugger). Studio will use this file as the client.truststore if it exists; otherwise, it will use the one from the Studio installation (<installation.dir>/studio/var/security/client.truststore).

After an upgrade to 10.5x or later, the truststore location is the <user>/.oo folder. 

If you want to manually import a certificate, you can import it either to .oo/client.truststore or to client.truststore in the Studio installation folder.

If you are using multiple workspaces, the changes made to the client.truststore file located under the .oo folder will apply only to the specific workspace. In order to apply the change to all the newly created workspaces, edit the client.truststore file located in the Studio installation folder.

Note: The following procedure uses the Keytool utility that is located in <installation dir>/java/bin/keytool.


1. Close Studio and back up the original client.truststore file, located in <user>/.oo
For example, C:/Users/<username>/.oo

2. Edit the Studio.l4j.ini file from <installation dir>/studio.

3. Make sure that the -Dssl.support-self-signed value is set to false. This enables validation against the trusted root certificate authority (CA).
For example:
-Dssl.support-self-signed=false


4. Make sure that -Dssl.verifyHostName is set to true. This verifies that the FQDN in the certificate matches the FQDN of the request.
For example:
-Dssl.verifyHostName=true

5. Import the trusted root certificate authority (CA) to the Studio client.truststore file if it doesn't already exist in the CA list (by default, all the well-known CAs are there). Replace the parameters any_alias, path to the client.truststore, certificate_name.cer, and changeit with your own values.
keytool -importcert -alias <any_alias> -keystore <path to the client.truststore> -file <certificate_name.cer> -storepass <changeit>

6. Start Studio.
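
The procedure above as a POSIX shell script (for example, run from Git Bash on Windows); this is an added example, not part of the original article or of HPE's tooling. It assumes keytool is on the PATH and that a repeated -D option is resolved by its last occurrence; the function names and the backup file name are illustrative.

```shell
#!/bin/sh
# Added example: function names and the backup suffix are illustrative.

# Print the effective value of a -D<key>=<value> JVM option in an ini file.
# Assumption: if the option is repeated, the last occurrence wins.
ini_value() {  # ini_value <ini file> <key>
    sed -n "s/^[[:space:]]*-D$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Steps 3-4: return 0 only if both TLS settings have the values the article requires.
check_ini() {  # check_ini <path to Studio.l4j.ini>
    rc=0
    for want in ssl.support-self-signed=false ssl.verifyHostName=true; do
        key=${want%%=*}
        got=$(ini_value "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FIX: -D$key is '${got:-unset}', expected '${want#*=}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Steps 1 and 5: back up the truststore, show the certificate, import, confirm.
import_ca() {  # import_ca <client.truststore> <certificate.cer> <alias>
    cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)" || return 1
    # Compare this fingerprint with the one obtained from your CA administrator.
    keytool -printcert -file "$2" || return 1
    # No -storepass here: keytool prompts for it, which keeps the password
    # out of the process list and shell history.
    keytool -importcert -alias "$3" -keystore "$1" -file "$2" || return 1
    keytool -list -alias "$3" -keystore "$1"
}

# Usage: sh <this script> <Studio.l4j.ini> <client.truststore> <certificate.cer> <alias>
if [ "$#" -eq 4 ]; then
    check_ini "$1" && import_ca "$2" "$3" "$4"
fi
```

Run it with Studio closed, as in step 1; the import is skipped if either setting in Studio.l4j.ini does not match steps 3 and 4.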

For more information, please see the OO 10.70 Security and Hardening Guide and the section "Debugging a Remote Central with Studio" in the Studio Authoring Guide.