Solving Eclipse Certificate Problems

Last modified 04 Oct 2021 15:31 +02:00
OBSOLETE
This functionality is obsolete. It is no longer supported or maintained. Please use the replacement functionality instead.

The problem with connecting to https://download.evolveum.com/downloads/midpoint-eclipse-plugin/ from Eclipse was that the certificate for the particular CA used by Evolveum (StartCom, Ltd.) was not included in cacerts file used by JRE used by Eclipse.

Perhaps the easiest way how to solve this problem is going around it. You can simply download the eclipse repository using web browser (choose most current ZIP file from here) and use it as "Archive…​" in the dialog here:

image2016 9 3 0 13 0

(The dialog is opened by clicking on "Add…​" in the upper right corner.)

The other, more complicated but also more correct way is to add the missing CA certificate into cacerts file.

Steps:

  1. Download CA certificate from this page: https://www.startssl.com/root (Use the first one - Root 1, downloading the DER version.)

  2. Check out what JRE is used by your Eclipse installation (Help → Installation details → Configuration)

    image2016 9 3 0 15 58
  3. Go to the directory of <java home>/lib/security (c:\program files\java\jre1.8.0_102\lib\security in this case) and enter the following command:

<path-to-JDK>\bin\keytool -keystore cacerts -importcert -alias startcom -file ca.crt

E.g.:

c:\java\jdk1.8.0_102\bin\keytool -keystore cacerts -importcert -alias startcom -file ca.crt

The cacerts file password is "changeit".

After restarting Eclipse everything should work.