For documentation on the current version, please check Knowledge Base.
SSL Certificate for Java Keystore
Context
When loading web resources via a secured https connection, the website's Security Certificate must be available (known and trusted) to Java Runtime Engine used by Orbit.
Oracle includes certificates from widely recognized Certificate Authorities with a significant customer base and global reach.
Orbit embeds the most recent JRE available at the release of a new version.
More information about Security Certificates and Java Keystore :
Connectivity Issues
Mixed Content
Occurs when loading an insecure connection in a secured session.
Invalid or Self-Signed certificates
Occurs when the Website/Webservice certificate is not known by Java. Thus the expected secured connection cannot be guaranteed, a SSL handshake error will prevent successful connection.
When a proxy/firewall offloads secured communication to repacakage network traffic with its own SSL certificate, ensure the proxy uses a valid, officially authorized certificate. Self-signed certificates are, for well know reasons, not trusted and need to be added explicitly to the Java Keystore to enable connectivity.
Orbit Logfile Error
Following exception is printed in the Orbit logfile if a certificate is missing :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Add Certificate to Java Keystore
Steps to add a certificate to the Java Keystore used by Orbit.
Get certificate from website
Browse to the secured website and download the website certificate via the browser's certificates manager.
- File format:
DER-encoded binary, single certificate (*.der)
Add certificate to Orbit's Java Keystore
From the command line.
Go to Orbit's jre/bin directory.
On Windows, <Orbit Installation Directory>/program/jre/bin/
Execute following command :
keytool -import -alias <Alias> -keystore ..\lib\security\cacerts -file <File Directory>\<Filename>.cer
- Alias : free of choice
- Password : default,
changeit
, requested after prompt.
After confirmation and entering the password the message Certificate was added to keystore
should be printed.