Add SSL Certificate to Plumtree Publisher JRE

Publisher has a configuration setting in content.properties that allows it to connect directly to the imageserver. Why? Well, the comment in the file describes it appropriately enough:


# JSComponents need to directly access the imageserver from the Publisher
# machine in order to obtain some configuration information. By default it uses
# the image server URL which is provided by the portal for portal end-users,
# but you may also specify an alternate image server URL to be tried first instead,
# such as in the case where the system topography prevents the Publisher
# from accessing that end-user URL.
#JSComponents.AlternateImageServerUrl=http://machinehost:port/imageserver

Problem is, it doesn’t seem to work for the diagnostic tool, and may not work when Publisher needs to load community-themes.txt (which it needs in order to provide the style sheet drop-down for header portlets). So Publisher still needs to connect to the image server – but if the image server is configured to only use SSL, you’re likely going to see an error like this:



Exception Message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The solution – import the SSL certificate from the imageserver – is after the break.

[Credit goes to mkyong for outlining the majority of the procedure. The link for the code referenced there was broken, so I found it on code.google.com.]

The steps are pretty straightforward:

  1. Download InstallCert.java
  2. Remove the first line referencing the package to make compilation easier
  3. Run: C:\bea\alui\ common\jre\1.5.0_32\ bin>javac InstallCert.java
  4. Run: C:\bea\alui\ common\jre\1.5.0_32\ bin>java InstallCert portal.site.com:443
  5. Run the same command again to validate the certificate: C:\bea\alui\ common\jre\1.5.0_32\ bin>java InstallCert portal.site.com:443
  6. Move jssecerts to C:\bea\alui\ common\jre\1.5.0_32\ lib\security

No Publisher restart needed – Publisher’s diagnostic tool should now go all green-lighty for you:

Tags: , ,

Leave a Reply