Configuring SSL certificates for Link Java WEB Client
This documentation explains how to configure an SSL certificate for the Link Java WEB
client.
Note: Please note that if you encounter the following error while configuring
the HCH runtime server, you will need to import the Link server certificate into the
JRE keystore or truststore. This problem occurs when java web clients try to access
web servers that have server certificates signed by unknown
authority.
com.hcl.tx.server.impl.ServiceException: An error was encountered when invoking an endpoint: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.To configure SSL certificates for the Link Java WEB client, follow these steps:
- Collect the WEB server certificate by executing the following
command:
openssl s_client -connect <Link server hostname>:<PORT> - Copy the following content from the generated output after running the earlier
command and save the certificate in either .cer file
format:
------BEGIN CERTIFICATE------ … -----END CERTIFICATE----- - Import the certificate from the file (created in step 2) into JRE (Java Runtime
Environment) keystore using the following command:For Windows:
sudo keytool -import -trustcacerts -keystore <Link installation folder>/java/lib/security/cacerts -storepass changeit -noprompt -alias <Alias> -file <Cert File path>For Linux Native:sudo keytool -import -trustcacerts -keystore <Link installation folder>/tomcat-context/install/java/lib/security/cacerts -storepass changeit -noprompt -alias <Alias> -file <Cert File path - Restart Link.