search

marcellourbani / vscode_abap_remote_fs

Remote filesystem for ABAP systems
MIT License
175 stars 28 forks source link

Failed to connect to ConnectionName:unable to verify the first certificate #220

Open Bonzay0 opened 4 months ago

Bonzay0 commented 4 months ago

Hello!

I've recently came back to work with one of my clients. Trying to work again with the extension, which worked wonderfully a year ago, I've came across this new issue.

I'm connecting to a proxy server using a VPN in order to access the client's servers (be it Fiori or SAPGUI for Windows). And then when trying to connect into the server I'm getting: Failed to connect to ConnectionName:unable to verify the first certificate

So I started reading over the setup and installation again as some changes were made since last I used the extenstion. But no matter what I do, I cannot access the server using the extension.

my current settings is as follows:

"abapfs.remote": {
        "ServerName": {
            "name": "ServerName",
            "url": "https://<ServerIPAddress>:44300/",
            "username": "<username>",
            "password": "<password>",
            "language": "en",
            "client": "200",
            "diff_formatter": "ADT formatter",
            "allowSelfSigned": true
        }
    }

I also tried to add my server's crt content into the configuration under customCA, I have even read issue #201 in order to see if I did any mistakes. I tried to do both variations of including allowSelfSigned: true and the certificate and without allowSelfSigned in the configuration.

I'm not sure if I'm doing something wrong or this is an issue with the extension, this isn't really my expertise. I would love some help resolving this as I would love using the extension again.

marcellourbani commented 4 months ago

What version are you using? The following works fine with the latest (1.7.10) and the latest abap trial container:

    "A4HS": {
      "url": "https://a4h.dummy.nodomain:50001",
      "username": "developer",
      "password": "",
      "client": "001",
      "allowSelfSigned": true,
      "atcapprover": "BWDEVELOPER"
    }
marcellourbani commented 4 months ago

Oh, wait, I think I got it: you can't use the ip address, need to use a domain name If you don't have one put it in your hosts file Getting self signed to work with ip addresses today required removing more safety checks that I'm comfortable with (easy to affect other clients, for instance)

Bonzay0 commented 4 months ago

I have tried that as well. I switched the IP address with the domain name (same as you do in the browser) and I'm still getting the same error. And I have tried it with the customCA as well. (with and without allowSelfSigned) Not sure what is the problem, as I can access the fiori and sapgui just fine with the same addresses.

marcellourbani commented 1 month ago

Is this still happening? A relevant bug in the ADT library was fixed a while ago

Bonzay0 commented 1 month ago

Currently I still have the same error. We are soon upgrading the systems to higher version of S4. I'll have to re-test it then.