Which certificate store used when Oscript calls Java libraries

HFCDev · 2021-09-27T16:40:26+00:00

There was an error rendering this rich post.

Hi,

I have some Oscript that calls an API via the Apache HTTP Client library. I'm getting a (well known) certificate error, mainly this Java exception:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In my test environment, this is somewhat expected as I'm using Fiddler as an untrustworthy proxy, but I added Fiddler's self signed cert to the Windows cert store on the server. However, what I'm wondering is if I need to add it to the Java key store for Content Server's jvm since I'm invoking the JVM rather than the Oscript VM.

Can anyone from senior development at OpenText comment? It's not often that one would need to do this, but for cloud deployments, I need to be able to support proxies between Content Server and whatever API I'm calling.

Thanks in advance.

-Hugh Ferguson

Find more posts tagged with

OScript

Comments

HFCDev

I believe I have just answered my own question. I downloaded Fiddler's (self-signed) certificate and installed it on our DEV server (kids, don't EVER do this in PROD). Having already imported into the Windows Store, I instead ran the keystore application in OTHome\jre\bin, and lo and behold it worked!!

Yep, sure as heck surprised me. Here is the command I ran:

keytool.exe -importcert -file <path to cer file> -cacerts -alias "<your alias>"

Be sure you are running keytool for the OT instance of Java and not any other Java on the server. The alias can be whatever you want - mine was just Fiddler. The password you will get asked for probably has the default password for the cacerts file and that password is "changeit" (YMMV).

-Hugh

Satya_Sridhar_Karri

Hi Hugh,

I came across the similar scenario and did same as you, importing or installing the certificate on the OTHome\jre worked for me as well.