====== SSL Certificate to Java Keystore ===== ===== Context ===== When loading web resources via a secured https connection, the website's Security Certificate must be available to the Oracle's Java Runtime Engine used by Orbit. \\ Oracle includes certificates from widely recognized Certificate Authorities with a significant customer base and global reach. \\ Orbit embeds the most recent Jre available at release of a new version. More information about Security Certificates and Java Keystore : * https://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html * https://en.wikipedia.org/wiki/Keystore * https://en.wikipedia.org/wiki/Certificate_authority ===== Orbit Logfile Error ===== Following exception is printed in the [[206:technology:platforms:logfiles|Orbit logfile]] if a certificate is missing : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ===== Add Certificate to Java Keystore ===== Steps to add a certificate to the Java Keystore used by Orbit. === Download certificate from website === Browse to the secured website and download the certificate file via the browser's certificates manager. * File format : ''DER Encoded Binairy X.509 (CER)'' === Add certificate to Orbit's Java Keystore === From command line. \\ Go to Orbit's Jre bin directory. \\ On Windows * Client/Server \\ ''/client/program/jre64/'' \\ ''/server/program/jre64/'' * Standalone \\ ''/program/jre/'' Execute following command : \\ keytool -import -alias -keystore ..\lib\security\cacerts -file \.cer * Alias : free of choice * Password : default, ''changeit'', requested after prompt. After confirmation and entering the password the message ''Certificate was added to keystore'' should be printed.