Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Java TLS Errors

In some cases, the VA requires outbound internet traffic to go through a proxy. Your Windows Desktop is configured to trust this proxy and usually most operations should succeed.

If you are encountering SSL/TLS errors when attempting to reach a resource on the internet (such as github.com), we need to configure Java to trust this proxy.

Download the VA’s certificate

  1. Download the VA’s certificate.
  2. Move the downloaded file to C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem where is your own username.

Find location of your Java Runtime Environment

  1. Launch Eclipse
  2. Navigate to Window > Preferences Eclipse Window > Preferences
  3. Navigate to Java > Installed JREs Eclipse Java > Installed JREs
  4. Open your active JRE Eclipse Open JRE
  5. Copy the path from JRE Home, we’ll need it in a minute

Update Java keystore with the VA’s certificate

  1. Launch PowerShell (does not require admin rights unless your Java installation is in a protected location)
  2. Run the following commands, replacing my parameters with yours

cd "C:\Path\To\JRE\Home" .\jre\bin\keytool.exe -import -alias va-certificate-authority -file "C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem" -keystore .\jre\lib\security\cacerts -storepass changeit -noprompt

PowerShell Import Certificate

Java should now trust the VA’s certificate authority, and your TLS issues should be resolved. 🎉

If you have further issues or questions, please open an Issue for assistance https://github.com/department-of-veterans-affairs/github-user-requests/issues/new

Return to Guides