In some cases, the VA requires outbound internet traffic to go through a proxy. Your Windows Desktop is configured to trust this proxy and usually most operations should succeed.
If you are encountering SSL/TLS errors when attempting to reach a resource on the internet (such as github.com), we need to configure Java to trust this proxy.
Download the VA’s certificate
- Download the VA’s certificate.
- Move the downloaded file to
C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem
whereis your own username.
Find location of your Java Runtime Environment
- Launch Eclipse
- Navigate to Window > Preferences
- Navigate to Java > Installed JREs
- Open your active JRE
- Copy the path from JRE Home, we’ll need it in a minute
Update Java keystore with the VA’s certificate
- Launch PowerShell (does not require admin rights unless your Java installation is in a protected location)
- Run the following commands, replacing my parameters with yours
cd "C:\Path\To\JRE\Home"
.\jre\bin\keytool.exe -import -alias va-certificate-authority -file "C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem" -keystore .\jre\lib\security\cacerts -storepass changeit -noprompt
Java should now trust the VA’s certificate authority, and your TLS issues should be resolved. 🎉
If you have further issues or questions, please open an Issue for assistance https://github.com/department-of-veterans-affairs/github-user-requests/issues/new