On 11.6, we could set up the Network proxy for our corporate HTTPS proxy which uses untrusted certificates. We added our proxy's untrusted certificates to the jre key store associated with the IDE.
On 11.7, something about the Network proxy setup is changed and broken. The approach above no longer works.
I observe that the JRE version used by 1.7 is newer than that used by 1.6. Can you please confirm that the default certificate key store is still that associated with the JRE within the Xpresso install dir.
I work for Thales in the UK, this issue will afflict all users of your tools within Thales UK so is worthy of your attention.
As part of your ready for release testing, you should test your software using an HTTP Proxy with untrusted certificates. You need to check the ability to run the Pins, Clock Tools etc, Check for Updates and access the Eclipse Market Place - in short, every feature of your tool that does internet access.
The typical error log entries are as below, for a contact with Eclipse Market Place, we get the same for NXP end points.
!ENTRY org.eclipse.equinox.p2.transport.ecf 2 0 2023-01-31 08:17:21.195
!MESSAGE Connection to https://mcuxpresso.nxp.com/eclipse/sdk/p2.index failed on PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started
!STACK 0
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
