Add SSL Certificate to Plumtree Publisher JRE

Publisher has a configuration setting in that allows it to connect directly to the imageserver. Why? Well, the comment in the file describes it appropriately enough:

# JSComponents need to directly access the imageserver from the Publisher
# machine in order to obtain some configuration information. By default it uses
# the image server URL which is provided by the portal for portal end-users,
# but you may also specify an alternate image server URL to be tried first instead,
# such as in the case where the system topography prevents the Publisher
# from accessing that end-user URL.

Problem is, it doesn’t seem to work for the diagnostic tool, and may not work when Publisher needs to load community-themes.txt (which it needs in order to provide the style sheet drop-down for header portlets). So Publisher still needs to connect to the image server – but if the image server is configured to only use SSL, you’re likely going to see an error like this:

Exception Message: PKIX path building failed: unable to find valid certification path to requested target PKIX path building failed: unable to find valid certification path to requested target

The solution – import the SSL certificate from the imageserver – is after the break.

[Credit goes to mkyong for outlining the majority of the procedure. The link for the code referenced there was broken, so I found it on]

The steps are pretty straightforward:

  1. Download
  2. Remove the first line referencing the package to make compilation easier
  3. Run: C:\bea\alui\ common\jre\1.5.0_32\ bin>javac
  4. Run: C:\bea\alui\ common\jre\1.5.0_32\ bin>java InstallCert
  5. Run the same command again to validate the certificate: C:\bea\alui\ common\jre\1.5.0_32\ bin>java InstallCert
  6. Move jssecerts to C:\bea\alui\ common\jre\1.5.0_32\ lib\security

No Publisher restart needed – Publisher’s diagnostic tool should now go all green-lighty for you:

Tags: , ,

Leave a Reply