MCUXpresso IDE v11.7.0 [Build 9198] [2023-01-17] Network Proxy Config fails

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决

MCUXpresso IDE v11.7.0 [Build 9198] [2023-01-17] Network Proxy Config fails

跳至解决方案
1,660 次查看
billchadwick
Contributor III

On 11.6, we could set up the Network proxy for our corporate HTTPS proxy which uses untrusted certificates. We added our proxy's untrusted certificates to the jre key store associated with the IDE.

On 11.7, something about the  Network proxy setup is changed and broken. The approach above no longer works.

I observe that the JRE version used by 1.7 is newer than that used by 1.6. Can you please confirm that the default certificate key store is still that associated with the JRE within the Xpresso install dir.

I work for Thales in the UK, this issue will afflict all users of your tools within Thales UK so is worthy of your attention.

As part of your ready for release testing, you should test your software using an HTTP Proxy with untrusted certificates. You need to check the ability to run the Pins, Clock Tools etc, Check for Updates and access the Eclipse Market Place - in short, every feature of your tool that does internet access. 

The typical error log entries are as below, for a contact with Eclipse Market Place, we get the same for NXP end points.

!ENTRY org.eclipse.equinox.p2.transport.ecf 2 0 2023-01-31 08:17:21.195
!MESSAGE Connection to https://mcuxpresso.nxp.com/eclipse/sdk/p2.index failed on PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started
!STACK 0
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

 

 

 

 

1 解答
1,597 次查看
liborukropec
NXP Employee
NXP Employee

Hi,

 

the JRE is configured to use (on Windows only)  the Windows CA store, see

<MCUXpressoIDE>\ide\mcuxpressoide.ini

and the last line:

-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

 

This typically solves the issue that on the Windows there's added some CA that is not trusted by Java. If removing this line will help, I cannot swear, but you might try.

 

Regards,

Libor

在原帖中查看解决方案

0 项奖励
回复
6 回复数
1,598 次查看
liborukropec
NXP Employee
NXP Employee

Hi,

 

the JRE is configured to use (on Windows only)  the Windows CA store, see

<MCUXpressoIDE>\ide\mcuxpressoide.ini

and the last line:

-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

 

This typically solves the issue that on the Windows there's added some CA that is not trusted by Java. If removing this line will help, I cannot swear, but you might try.

 

Regards,

Libor

0 项奖励
回复
1,614 次查看
ZhangJennie
NXP TechSupport
NXP TechSupport

Hi billchadwick 

I tried to connect Eclipse Market Place via MCUXpresso IDE v11.7 menu, Eclipse Market Place can be well connected.

Could you please specify the steps of how to reproduce your issue?

Thanks,

Jun Zhang

0 项奖励
回复
1,574 次查看
billchadwick
Contributor III

As per my post, you need to check with internet access via an HTTPS proxy that uses untrusted certificates.

0 项奖励
回复
1,535 次查看
lpcxpresso_supp
NXP Employee
NXP Employee

Is JRE's job to validate certificates... If your company's proxy injects untrusted certificates in a certificates chain, then you should probably add the needed certificates in the JRE's keystore.

Regards,
MCUXpresso IDE Support

0 项奖励
回复
1,532 次查看
billchadwick
Contributor III

That used to work for 11.6 but does not for 11.7

0 项奖励
回复
1,526 次查看
liborukropec
NXP Employee
NXP Employee

Hello,

have you tried the recommendation with mcuxpressoide.ini few posts above?

Thank you,

Libor

0 项奖励
回复