Using ReadFromURL or SeedDataObject -> ReadFromURL against SSL sites

Document created by Dave Murphy Employee on Dec 15, 2017
Version 1Show Document
  • View in full screen mode

If you use $context.readFromURL via: script or using a SeedDataObject property /w read from URL on an SSL site you can run into certification issues.   While this might be a boundary case I wanted to document it for future reference.

 

You can solve this by installing the cert into Java itself.

 

sudo keytool -import -noprompt -trustcacerts -file mycertfile.pem  -alias 'GlobalsignValG2' -keystore '/usr/java/default/jre/lib/security/cacerts' -storepass 'changeit'

 

Restart JBOSS 

 

how do you know when this needs to be done?  Well if you get the following error then it needs to be done.

 

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (javax.net.ssl.SSLHandshakeException) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (sun.security.validator.ValidatorException) unable to find valid certification path to requested target (sun.security.provider.certpath.SunCertPathBuilderException)

Attachments

    Outcomes