SSL communication

  Written by The Jahia Team
 
Developers
  ssl
   Estimated reading time:
7.2.0.2
HTTP requests from DX to en external system with HTTPS fail

Cause

The SSL certificate is not interpreted as a safe certificate by the JVM of DX (self-signed certificate, signed by recent CA authorities)

Solution

  • Check that you're using a recent JVM
     
  • Import the SSL certificate to the keystore used by your JVM:
    keytool -import -trustcacerts -alias ALIAS_NAME -file CERTIFICATE_FILE -keystore JAVA_HOME/jre/lib/security/cacerts

     

  • Use a custom keystore in Tomcat by modifying the file TOMCAT_HOME/bin/setenv.sh and adding the following line:
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=PATH_TO_THE_COPIED_CACERTS -Djavax.net.ssl.trustStorePassword=changeit