https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95725#M28157 <P>Hello Afaust,</P><P>Thanks for the response.</P><P>Alfresco-Windows-machine has a correct certificate and has no issue.</P><P>I issue is, not being able to call a URL (URL is hosted in that Alfresco-Windows-machine) from a different Windows-machine, where I run local-Java-code in Eclipse. I obtained the correct certificate from the&nbsp;Alfresco-Windows-machine. After that, I attempted to install that certificate in the JRE of the&nbsp;local-Java-Eclipse-machine. The&nbsp;local-Java-Eclipse-machine has Java driver code (e.g. Java main method) that calls URL hosted in&nbsp;Alfresco-Windows-machine. The&nbsp;local-Java-Eclipse-machine does NOT have any server, or anything else, only has a Java-driver class that can make HTTP(s) call to the URL hosted in&nbsp;Alfresco-Windows-machine. The&nbsp;local-Java-Eclipse-machine (even with the certificate installed in its JRE) is not being able to succeed in calling the URL of the&nbsp;Alfresco-Windows-machine.</P><P>My questions:</P><P>1. Are you suggesting any different configuration in&nbsp;local-Java-Eclipse-machine, which only has the has the Java driver (it does not have Alfresco, does not have Tomcat). It simply makes the HTTP(S) calls the URL hosted in the Alfresco-Windows machine.</P><P>2. I do not understand what exact SOLR-type configuration you are suggesting for the&nbsp;local-Java-Eclipse-machine.</P> Wed, 28 Oct 2020 17:04:15 GMT SG 2020-10-28T17:04:15Z https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95723#M28155 <P>I am trying to run the driver-Java-code locally inside my Windows-Eclipse and attempting to make the HTTPS call to a webservice deployed in a different Windows-Alfresco server.</P><P>The webservice deployed in the Windows-Alfresco server is created using Java-backed-WebScript. The webservice URL attempted to be called is similar to: <A href="https://mydomain.org/alfresco/service/extract/abc" target="_blank" rel="noopener nofollow noreferrer">https://mydomain.org/alfresco/service/extract/abc</A></P><P>This is what I have attempted:</P><P>I took the valid certificate from the Alfresco-Windows server and added to my local-Eclipse-Windows machine’s JRE using the following:</P><P>keytool -import -trustcacerts -alias mycertificate -file C:\Documentation\ mycertificate.cer -keystore keystore.jks</P><P>After that, I also made sure that the certificate is indeed installed and verified that using:</P><P>keytool -list -v -keystore keystore.jks</P><P>I also verified that Eclipse is also configured to use the same JRE, where I imported the certificate from Alfresco.</P><P>Even with that, I still get the error as follows, when I attempt to execute the Java-client-code from my Windows-Eclipse, attempting to call the URL deployed in the remote Windows-Alfresco server:</P><P>Called URL =<A href="https://mydomain.org/alfresco/service/extract/abc" target="_blank" rel="noopener nofollow noreferrer">https://mydomain.org/alfresco/service/extract/abc</A></P><P><U>I get exception stacktrace as:</U></P><P><BR />sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)<BR />at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)<BR />at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)<BR />at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)<BR />at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)<BR />at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)<BR />at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)<BR />at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)<BR />at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)<BR />at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)<BR />at sun.net.<A href="http://www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559" target="_blank" rel="nofollow noopener noreferrer">www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559</A>)<BR />at sun.net.<A href="http://www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185" target="_blank" rel="nofollow noopener noreferrer">www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185</A>)<BR />at sun.net.<A href="http://www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564" target="_blank" rel="nofollow noopener noreferrer">www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564</A>)<BR />at sun.net.<A href="http://www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492" target="_blank" rel="nofollow noopener noreferrer">www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492</A>)<BR />at sun.net.<A href="http://www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263" target="_blank" rel="nofollow noopener noreferrer">www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263</A>)<BR />at MyDreiver.java:63)<BR />Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)<BR />at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)<BR />at sun.security.validator.Validator.validate(Validator.java:262)<BR />at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)<BR />at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)<BR />at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)<BR />at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)<BR />... 15 more<BR />Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)<BR />at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)<BR />at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)<BR />at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)<BR />... 21 more</P><P>My question:</P><P>1. Any suggestion will be appreciated.</P> Fri, 23 Oct 2020 15:21:02 GMT https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95723#M28155 SG 2020-10-23T15:21:02Z https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95724#M28156 <P>When you do calls to HTTPS URLs protected by self-signed or other untrusted certificates, you should never rely on the certificate being added to the JRE. Instead, you custom code should use its own truststore for certificate / host validation, i.e. similar to how Alfresco uses the ssl.truststore for handling the SSL certificate validation if SOLR and Repository are set up in a mTLS configuration.</P> Sat, 24 Oct 2020 14:08:03 GMT https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95724#M28156 afaust 2020-10-24T14:08:03Z https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95725#M28157 <P>Hello Afaust,</P><P>Thanks for the response.</P><P>Alfresco-Windows-machine has a correct certificate and has no issue.</P><P>I issue is, not being able to call a URL (URL is hosted in that Alfresco-Windows-machine) from a different Windows-machine, where I run local-Java-code in Eclipse. I obtained the correct certificate from the&nbsp;Alfresco-Windows-machine. After that, I attempted to install that certificate in the JRE of the&nbsp;local-Java-Eclipse-machine. The&nbsp;local-Java-Eclipse-machine has Java driver code (e.g. Java main method) that calls URL hosted in&nbsp;Alfresco-Windows-machine. The&nbsp;local-Java-Eclipse-machine does NOT have any server, or anything else, only has a Java-driver class that can make HTTP(s) call to the URL hosted in&nbsp;Alfresco-Windows-machine. The&nbsp;local-Java-Eclipse-machine (even with the certificate installed in its JRE) is not being able to succeed in calling the URL of the&nbsp;Alfresco-Windows-machine.</P><P>My questions:</P><P>1. Are you suggesting any different configuration in&nbsp;local-Java-Eclipse-machine, which only has the has the Java driver (it does not have Alfresco, does not have Tomcat). It simply makes the HTTP(S) calls the URL hosted in the Alfresco-Windows machine.</P><P>2. I do not understand what exact SOLR-type configuration you are suggesting for the&nbsp;local-Java-Eclipse-machine.</P> Wed, 28 Oct 2020 17:04:15 GMT https://connect.hyland.com/t5/alfresco-forum/not-able-to-add-certificate-from-alfresco-in-local-windows/m-p/95725#M28157 SG 2020-10-28T17:04:15Z