Intellij IDEA License Activation (SSLHandshakeException)

Question

I'm trying to active Intellij IDEA (14) with my educational license under Ubuntu-gnome (15.4) getting an SSLHandshakeException:

JetProfile connection error: SSLHandshakeException: java.security.cert.CertificateException: java.security.SignatureException: Signature length not correct: got 256 but was expecting 512

Then it says "Intellij was not able to detect your proxy configuration", although I do not have a proxy and my network settings are configured to have no proxy. The support there told me to check my direct connection to https://lservice-auth.jetbrains.com/(https://account.jetbrains.com/lservice/). Chrome says this connection isn't safe (I've switched my distro and successfully activated Intellij, Chrome still has trust issues with that link):

NET::ERR_CERT_AUTHORITY_INVALID

Intellij-Error screenshot:

Update: I have managed to import Jetbrain's Keystore to my keystore, it now has 2 entries but still won't work:

Keystore enthält 2 Einträge

jetbrains, 20.07.2015, trustedCertEntry, Zertifikat-Fingerprint (SHA1): C3:83:F6:0A:6A:99:86:F3:B6:B3:38:44:8C:42:66:64:0F:07:DB:5A plugins.jetbrains.com, 20.07.2015, trustedCertEntry, Zertifikat-Fingerprint (SHA1): DF:47:A0:22:81:4B:79:F0:E5:C2:E1:4E:B4:CA:8A:0D:B9:1D:32:CC

Answer 1

Here is how i solved it:

• Go to https://account.jetbrains.com
• Choose download activation code for offline usage
• Enter it as activation key

Answer 2

Follow these steps:

1. Go to: File -> Settings -> Appearance & Behavior -> System settings -> HTTP Proxy

2. Select Auto-detect proxy setting

3. Click Clear password

4. Click check connection and provide the URL: https://account.jetbrains.com/login

5. Go to Help -> Register and login

Answer 3

The option to download an activation code is not available for educational licenses anymore.

I got it to work with a workaround. If you are getting stuck because you are behind a corporate proxy:

• Get off the private connection onto a guest wifi or mobile connection

• Activate your account

• Then get back on to the private connection

That should solve your problem!

Answer 4

OK, I've contacted support and they say it's a proxy issue &/or something replaces the certificate:

It doesn't work because something between our site with its correct certificates replaces these certificates. IDEs don't trust to what they get: Proxy server between you and our server (https://account.jetbrains.com/) that intercepts SSL traffic and substitutes our certificate with its own one, which is different and will not be accepted by the IDE. Note that this proxy server may be completely transparent to you and may work without any explicit proxy configuration in your system. Please contact your organization IT helpdesk or ISP support to get it resolved.

If it's not a corporate network and you can't control these connections, the end users who faced the issue can use offline activation codes, from their account.jetbrains.com profiles.

However for some people in the organisation it worked and some others (sitting next to each other with the same OS) it failed and they got this error.

You can see the "last seen" date in the website shows usage and the people affected.

The proxy advice from JetBrains was a bit confusing, because for us the solution wasn't proxy and nothing was blocking or substituting anything. We have an Internal Root Certificate that needs to be installed.

Mac

1. Open KeyChains (look in System)

2. Right Click your companies certificate

3. Export

4. Open your JetBrains IDE

5. Preferences

6. Expand Tools

7. Server Certificates

8. Click the + button

9. Import the certificate you exported from the KeyChain

10. In the IDE click Help Menu > Register and authenticate using your email and JetBrains password.

Windows

You will need your companies InternalIssuingCA.cer file, ask your IT Desk for it.

1. Click Start > Run

2. Type mmc

3. Press enter

4. Click the File menu

5. Select Add/Remove Snap In

6. On the left select Certificates

7. Click the “Add >”

8. Click OK

9. Now Expand Certificates > Trusted Certs > Certificates

10. Right click on Certificates

11. Select All Tasks > Import > next > next...

12. In the IDE click Help Menu > Register and authenticate using your email and JetBrains password

Update:

If you're behind a corporate firewall you may need to run CNTLM and specify the proxy when prompted by the IDE.

Note: You can reset your password using your email and the JetBrains.com website.

Answer 5

I see it's been a while, so I'm guessing you got past this. If not, make sure you import the CA's certificate to your Trusted Root Certificate Authority store. I don't know why JetBrains didn't get a public CA to sign their certificates though but there are some developers here who have had this same issue.

Answer 6

I had the same issue for so long. I finally resolved the issue, it was a configuration problem on the reverse proxy in front of the FLS Server:

We have a FLS server for the licence, and a nginx SSL reverse proxy in front. Client could get a license while talking directly to the FLS server, but not through the reverse proxy. The reverse proxy was answering correctly with the browser.

The SSL reverse proxy must include the full certificate chain to be validated by the Jetbrains tools. i.e. the ssl_certificate should be a file with the certificate followed by the CA