Communicating with an External System Over SSL

If the certificate of the host you want to connect to is self signed, you may receive the following error message:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Note: This error message does not display for valid certificates, which are certificates that are signed by Certificate Authorities.

To use a server with a self-signed certificate, you need to perform the following steps:

  1. Download the SSL certificate from the server. Use a browser to view the certificate and export it. For example, in Mozilla Firefox, navigate to Tools > Page Info > Security > View Certificate > Details > Export.
  2. Start the key- and certificate-management tool Keytool. Keytool is part of your JRE installation, and is located in your JRE installation folder, for example C:\Program Files (x86)\Silk\Silk Central <version>\ instance_<instance number>_<instance name>\lib\jre64\bin. For additional information on Keytool, refer to the Java SE Technical Documentation.
  3. To add the certificate to the default Java keystore on the front-end server and application server, type for example the following command in Keytool:
    keytool 
      -importcert 
      -file CERTIFICATE.crt
      -keystore "C:\Program Files (x86)\Silk\Silk Central <version>\instance_<instance number>_<instance name>\lib\jre64\lib\security\cacerts"
    You are prompted to type the password.
  4. Type the default keystore password, changeit.
  5. Restart the front-end server and the application server to reload the keystore.