Skip to main content
Warning

Migrations are coming to VA GitHub. See the Migrations section for more information.

Java TLS Errors

In some cases, the VA requires outbound internet traffic to go through a proxy. Your Windows Desktop is configured to trust this proxy and usually most operations should succeed.

If you are encountering SSL/TLS errors when attempting to reach a resource on the internet (such as github.com), we need to configure Java to trust this proxy.

Download the VA’s certificate

  1. Download the VA’s certificate.
  2. Move the downloaded file to C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem where is your own username.

Find location of your Java Runtime Environment

  1. Launch Eclipse
  2. Navigate to Window > Preferences Eclipse Window > Preferences
  3. Navigate to Java > Installed JREs Eclipse Java > Installed JREs
  4. Open your active JRE Eclipse Open JRE
  5. Copy the path from JRE Home, we’ll need it in a minute

Update Java keystore with the VA’s certificate

  1. Launch PowerShell (does not require admin rights unless your Java installation is in a protected location)
  2. Run the following commands, replacing my parameters with yours

cd "C:\Path\To\JRE\Home" .\jre\bin\keytool.exe -import -alias va-certificate-authority -file "C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem" -keystore .\jre\lib\security\cacerts -storepass changeit -noprompt

PowerShell Import Certificate

Java should now trust the VA’s certificate authority, and your TLS issues should be resolved. 🎉

If you have further issues or questions, please open an Issue for assistance https://github.com/department-of-veterans-affairs/github-user-requests/issues/new

Return to Guides