Set SSL certificate on Tomcat server
This note applies when your Forms/EBS server uses HTTPS with a certificate that is not present in the Tomcat server's Java truststore.
In that case, the ServiceManager fails with an error when it tries to open a connection to the Forms/EBS server.
The error appears in ServiceManager->Log:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To resolve the issue, add the certificate for that HTTPS site to the Tomcat server.
How to import certificates
1. Go to the URL in your browser and click the HTTPS certificate chain (the little lock symbol next to the URL address) to export the certificate
- Click "more info" > "security" > "show certificate" > "details" > "export..".
- Save as .der
- Repeat for any certificates you need to import
2. Locate $JAVA_HOME/jre/lib/security/cacerts
3. Import all *.der files into the cacerts file using the following:
sudo keytool -import -alias mysitestaging -keystore $JAVA_HOME/jre/lib/security/cacerts -file staging.der
4. Repeat #3 for all environments
5. The default keystore password is 'changeit'
6. You can view the change you made with this command, which shows the certificate fingerprint:
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
7. If this doesn't solve the problem, try adding these Java options as arguments to Tomcat:
-Djavax.net.ssl.trustStore="$JAVA_HOME/jre/lib/security/cacerts"
-Djavax.net.ssl.trustStorePassword="changeit"
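The check in step 6, as an added example that is not part of the original note: this Python script computes the fingerprint of an exported .der file and confirms that the alias in the `keytool -list` output carries the same one, so you know the certificate you inspected is the one that was imported. The sample bytes and listing are constructed, the function names are hypothetical, and the two-line entry layout of the listing is an assumption about keytool's default output.

```python
import hashlib
import re

# Assumed layout of `keytool -list`: an entry line, then a fingerprint line.
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .*trustedCertEntry")
FP_RE = re.compile(r"^Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-F:]+)$")

def der_fingerprint(der_bytes, algorithm="sha256"):
    """Digest of the DER bytes as colon-separated upper-case hex pairs."""
    digest = hashlib.new(algorithm, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_keytool_list(listing):
    """Map alias -> (hash algorithm, fingerprint) for trusted-cert entries."""
    entries, alias = {}, None
    for line in listing.splitlines():
        line = line.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            alias = entry.group("alias")
            continue
        fp = FP_RE.match(line)
        if fp and alias is not None:
            # Assumption: the label reads "SHA1" or "SHA-256"; normalise for hashlib.
            algorithm = fp.group("alg").replace("-", "").lower()
            entries[alias] = (algorithm, fp.group("fp"))
            alias = None
    return entries

def alias_matches_file(listing, alias, der_bytes):
    """True only if the alias exists and lists the fingerprint of der_bytes."""
    entry = parse_keytool_list(listing).get(alias)
    if entry is None:
        return False
    algorithm, listed = entry
    return der_fingerprint(der_bytes, algorithm) == listed

# Constructed sample data: stand-in bytes for staging.der and a listing.
SAMPLE_DER = b"constructed stand-in for the contents of staging.der"
SAMPLE_LISTING = (
    "Your keystore contains 2 entries\n\n"
    "mysitestaging, Jan 1, 2024, trustedCertEntry, \n"
    f"Certificate fingerprint (SHA-256): {der_fingerprint(SAMPLE_DER)}\n"
    "otherca, Jan 1, 2024, trustedCertEntry, \n"
    "Certificate fingerprint (SHA1): " + ":".join(["00"] * 20) + "\n"
)

if __name__ == "__main__":
    print(alias_matches_file(SAMPLE_LISTING, "mysitestaging", SAMPLE_DER))
```

For a real check, read the exported file in binary mode and pass the captured output of the step 6 command in place of the sample values.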