You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Hello,
I am trying to use Amazon Q in IntelliJ but it is not working with our SSL Interception activated.
My entreprise uses ZScaler (yes I know....), and I found the #1009 some informations but it didn't works.
I added the root certificate in IntelliJ store, but Amazon Q still refuses to work :
An error occurred while processing your request.
This error is reported to the team automatically. We will attempt to fix it as soon as possible.
Details:
Unable to execute HTTP request: javax.net.ssl.SSLHandshakeException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Session ID: null
To reproduce
Install Amazon Q on IntelliJ
Activate your SSL Interception program (in my case ZScaler)
Add the root certificate in IntelliJ trusted store
Reboot the IDE to be sure it is taken into account
Try Amazon Q
Expected behavior
It should be working as on the #1009 it is said that AWS Toolkit is now using correctly the IntelliJ trusted store.
Screenshots
Your Environment
OS: Windows 10, all patches applied
JetBrains product: IntelliJ IDEA Community Edition
JetBrains product version: 2024.1
AWS Toolkit version: 2.19-241
SAM CLI version: 2.15.40
Python version: 3.11.8
Thank you for your help!
The text was updated successfully, but these errors were encountered:
I am experiencing the same issue! Is there a resolution ?
@vp380 There is no resolution on this ticket for now but I found a workaround.
As the AWS plugin ignore the certificate installed from the GUI, you can instead import the Zscaler certificate (or any root certificate) directly into the bundled Java Keystore of IntelliJ.
To do so :
Open a command prompt as admin
cd to IntelliJ installation directory
Execute the following command : .\jbr\bin\keytool.exe -import -noprompt -keystore .\jbr\lib\security\cacerts -storepass changeit -alias ZscalerRootCA -file PATH_TO_YOUR\zscaler.pem
And yes, changeit is the real password of the Keystore, and contrary to what the password states, I think that it should be a bad idea to change it.
Useful commands :
List certificates : .\jbr\bin\keytool.exe -list -keystore .\jbr\lib\security\cacerts
Remove certificate : .\jbr\bin\keytool.exe -delete -storepass changeit -alias ZscalerRootCA -keystore .\jbr\lib\security\cacerts (alias is foundable with the list command)
PS : One downside of this method, is that it is on the installation directory so I think that it will be erased at the next update of IntelliJ.
@vp380 There is no resolution on this ticket for now but I found a workaround. @sbourell which also worked very well under MacOS (paths are slightly different of course)
Describe the bug
Hello,
I am trying to use Amazon Q in IntelliJ but it is not working with our SSL Interception activated.
My entreprise uses ZScaler (yes I know....), and I found the #1009 some informations but it didn't works.
I added the root certificate in IntelliJ store, but Amazon Q still refuses to work :
To reproduce
Expected behavior
It should be working as on the #1009 it is said that AWS Toolkit is now using correctly the IntelliJ trusted store.
Screenshots
Your Environment
Thank you for your help!
The text was updated successfully, but these errors were encountered: