When running submissions (<xforms:submission>) over HTTPS against a server that uses a self-signed certificate, I am getting an exception in the logs that looks like:
ERROR XFormsServer - XForms - submission - xforms-submit-error throwable: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
How can I solve this?
When making the HTTPS request, Java checks the certificate of the server. Because the certificate is self-signed, Java can’t verify it is a legitimate certificate, hence the error message “unable to find valid certification path to requested target”.
What you need to do is either:
The exact steps for doing #2 above will depend on your environment, but in essence:
If the server handling the requests has its self-signed key in a Java key store, export it. Here your-server is the alias for your server in the key store, mykey.cer is the file you are creating, keystore is your key store file, and your-password is the password to your key store.

    keytool -export -alias your-server -file mykey.cer -keystore keystore -storepass your-password

On the server on which Orbeon Forms is running (i.e. the server that initiates the HTTPS request), import mykey.cer into a trust store. Here truststore is your trust store file, which might be a new file you are creating if you don’t have an existing trust store.

    keytool -import -v -trustcacerts -alias your-server -file mykey.cer -keystore truststore -storepass your-password

Add the following -D parameters when starting the VM that runs your application server (e.g. Tomcat) and Orbeon Forms:

    -Djavax.net.ssl.trustStore=path/to/your/truststore -Djavax.net.ssl.trustStorePassword=your-password
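Anything imported into the trust store is trusted by every HTTPS request the JVM makes, so it is worth confirming that the entry holds exactly the certificate you exported. The script below is an added example, not part of the original page: it compares the SHA-256 fingerprint of mykey.cer with the one stored under the alias. The function names are hypothetical, and it assumes keytool is on the PATH and prints a SHA256 fingerprint line.

```bash
#!/usr/bin/env bash
# Added example. mykey.cer, truststore, your-server and your-password are the
# placeholders used in the steps above; the function names are hypothetical.

# SHA-256 fingerprint of a certificate file, as printed by keytool.
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null | sed -n 's/^.*SHA256: *//p' | head -n 1
}

# SHA-256 fingerprint of the entry stored under an alias in a key or trust store.
store_fingerprint() {   # args: store password alias
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        sed -n 's/^.*SHA256: *//p' | head -n 1
}

# Succeeds only if the alias in the store holds exactly the given certificate.
# Returns 1 on a mismatch and 2 if either fingerprint could not be read.
verify_import() {       # args: cert-file store password alias
    local want got
    want=$(cert_fingerprint "$1")
    got=$(store_fingerprint "$2" "$3" "$4")
    if [ -z "$want" ] || [ -z "$got" ]; then
        echo "could not read a fingerprint (wrong path, alias or password?)" >&2
        return 2
    fi
    if [ "$want" != "$got" ]; then
        echo "MISMATCH: $1 is $want, but alias $4 holds $got" >&2
        return 1
    fi
    echo "OK: alias $4 in $2 matches $1 (SHA-256 $want)"
}

# Usage with the names from the steps above:
#   verify_import mykey.cer truststore your-password your-server
```

Comparing the printed fingerprint with the one shown by keytool on the server that owns the key also confirms that mykey.cer was not swapped in transit.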