When a computer is on a company network and the network uses a proxy server to control internet access, the network might also employ man in the middle SSL monitoring of the network traffic. Normally this is done by installing a company signed Root certificate onto each of the computers by the IT department. This is a common practice that allows the company to intercept the internet traffic and inspect it for viruses or company secrets. If this is the case then the Simplicity Studio installation might need to be modified so that it has access to the company root certificate, so that it can confirm the certificate path to the Simplicity Studio content servers can be trusted.
Symptoms of this issue would be getting an error message like “Failed to log in please check user name and password. Reason: illegal auth endpoint null”. Another error that might indicate this condition is “’Installing Software’ has encountered a problem.” And the problem details show it was unable to read a repository with a “Read timeout out” error. To confirm this is the reason open a web browser and paste this URL into the browser: https://updates.silabs.com. On the resulting web page click on the lock icon and view the certificate details. If the certificate is not issued by DigiCert with one intermediate certificate by DigiCert ECC Secure Server CA then there is a man in the middle certificate(s). In the screenshot below the image on the left is from Google Chrome and the one on the right is from Mozilla Firefox for the case where there is no man in the middle certificate:
If there is a man in the middle certificate then Silicon Labs recommends you contact your IT department or secure internet provider to get their recommendation on how to handle this situation. Some Alternative approaches are detailed below, but Silicon Labs recommends that you consult your IT department before following any of the suggested approaches.
Method 1 Import SSL certificates into the Simplicity Studio Java Runtime Engine (JRE)
The SSL security certificates need to be imported into the Java runtime engine (JRE) that Simplicity Studio uses.
1. First exit Simplicity Studio.
2. Simplicity Studio needs access to the certificates for these two urls:
For some SDKs the certificate for this URL might also be needed:
3. Open each URL in a web browser and verify the site has the secure (lock) icon.
4. Then export first the Root certificate (top level certificate).
Exporting certificates seems slightly easier with Firefox, but can be done with any browser. If the root certificate is the same for any of the URLs after the first one, then it does not need to be exported again, but if any of the intermediate certificates are different than they would need to be exported. With Firefox you click the ‘info’ circle to the left of the lock icon which is left of the url, then expand the connection details and select “More Information”, click the “Security” tab and then “View Certificate” and then highlight the top certificate and click the “Export…” link at the bottom and choose a location to save the certificate (save it in the default suggested format).
5. Next highlight the next lower certificate, if any, and continue exporting them until all of the certificates in the Certification Path have been exported.
6. Check the other URL(s) listed above for any certificates that are different. The Root certificate and top level certificates are probably identical so they would not need to be exported again.
7. To import certificates to java, open a terminal or command prompt window and use the change directory ('cd') command to navigate to the Simplicity Studio JRE folder. The path will vary depending on the operating system
cd /Applications/Simplicity Studio.app/Contents/Eclipse/jre/Contents/Home/bin
8. Now use the 'keytool' to import each of the downloaded certificates into the JRE keystore:
keytool -importcert -alias [ALIASNAME] -keystore ..\lib\security\cacerts -file [PATH_TO_CERTIFICATE_FILE] -storepass changeit
ALIASNAME is the name to assign to this certificate in the keystore. It can typically be the basename of the certficate .crt file. 'changeit' is the default password that is used for keystore vault access.
Method 2 Modify Simplicity Studio .ini File to Access the Operating System Truststore
Again, before using this method verify that this method is approved by your IT department.
I would like to acknowledge that this method was discovered and shared with us by a customer on a support case. Use a text editor on the file studio.ini located in the Simplicity Studio installation folder. Add these two lines at the end of the file:
*This has not yet been confirmed to work by a Mac User.
Method 3 Use Offline Installer Archives
Silicon Labs does have offline installer archives that can be used in conjunction with the Simplicity Studio installer. The offline installer archives can be used instead of importing the security certificates or in case there are still issues after configuring the proxy server settings and importing the security certificates. To gain access to the offline archives it is currently necessary to create a support case requesting offline archive access. More information is provided in Application Note “AN1096: Simplicity Studio v4 Offline Installation” (https://www.silabs.com/documents/public/application-notes/an1096-ssv4-offline-installation.pdf ).