Import Java HTTPS Certificates
If you use Java JDK 1.8.0_181 or higher, you can skip this step.
The built-in mechanism in Java prevents an instance to be connected to HTTPS without having its certificate explicitly imported. To allow your IM instance to connect to Pricefx API, e.g. on the URL https://pricefx.eu/pricefx, you will need to import the Pricefx certificate into your Java cacerts file. If you do not provide a proper certificate, the following Java exception is thrown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To install the certificate, follow these steps:
Download the certificate using the following Linux command:
echo -n | openssl s_client -connect pricefx.eu:443 | \ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > pricefx_eu.crt
Check the generated file pricefx_eu.crt. Its content should identical or similar to this:
-----BEGIN CERTIFICATE----- MIIGsjCCBZqgAwIBAgIQAlP/mcxIAYDYkd0E6AhoWTANBgkqhkiG9w0BAQsFADBD MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0 aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNzAxMzEwMDAwMDBaFw0yMDAxMzEyMzU5 NTlaMG8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCYXllcm4xIDAeBgNVBAcMF1Bm YWZmZW5ob2ZlbiBhLmQuIEdsb25uMRYwFAYDVQQKDA1QcmljZSBmKHgpIEFHMRUw EwYDVQQDDAwqLnByaWNlZnguZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC/uNIQZP3jEpmtG/H24dKriOTTldHqJfGKo8Jg6AsEkEOxkwcfu7trnSQQ 3mbvzts86xROuTdTkfFJAyIdP/tEWDTC3o0sB72BJavwJ6XcLBuZ1j++sG7nvQFH m2tYrvj2WPvRIDkLMFfYDjNZNVMERhNufV5kOG/OKGx/0gujBN31FckBzPyIorXN 40rIGOzmqr8SGNfsNg7xInxR350GfW+lQRlZNd0+gUYp/4h67pSlfyTK6idEMZAX 6q5wym4GQnl7WE9f00J9QmsWoe9r3Atzeiqe89iXq9H/JnrHfKVbW/MNH0N92n37 0ZX0H83T82Tqpx975XaPOg+xKtYPAgMBAAGjggN0MIIDcDAjBgNVHREEHDAaggwq LnByaWNlZnguZXWCCnByaWNlZnguZXUwCQYDVR0TBAIwADBuBgNVHSAEZzBlMGMG BmeBDAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2Nw czAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRv cnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4BGDgw4XB6BeARdqPO vZAUMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3Js MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRLMEkw HwYIKwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0 dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3J0MIIB9gYKKwYBBAHWeQIEAgSCAeYEggHi AeAAdQDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVnzhSe5AAAE AwBGMEQCIDkWBgoyuRMq0VANZNW+3KQGjYaOOexk3FU1VJOa32txAiATdrCi7A6F fg65PApqfX1+EVLLvTy9twkNlfCMMF8EcwB2AKS5CZC0GFgUh7sTosxncAo8NZgE +RvfuON3zQ7IDdwQAAABWfOFJ/EAAAQDAEcwRQIhAKmF0JQIXnMsswPJXDwFqrvF LZv+FPKcEyb/YNlZ4JVlAiBJBbDCeZAm6/Oom1wrQGfQJxOdB50X7DoRdks1D6Rc YgB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABWfOFKAoAAAQD AEgwRgIhAOrgCKtdx5Wwse82isOgatvQjDBEc0cSAIA8kTGwh5wyAiEA+HjOchQP IwOuFrhTIPjNsTqRZLPGUMV6zta4RKMb5Q8AdgC8eOHfxfY8aEZJM02hD6FfCXlp IAnAgbTz9pF/Ptm4pQAAAVnzhSitAAAEAwBHMEUCIDGCwDI34kSR/weFhg+0iJnq BAElBpG2zKC03p+r67pFAiEA3uBALZyvF+oO2ybtoiX9m5r3N8l27KX+HCSB6ouS 2UwwDQYJKoZIhvcNAQELBQADggEBAIgrk9U57pTaokLYXC/KkeqI8FS2fAKuFcmc 8dkwPA38hzEE2Z5hYwNyE8KZLfOll/Yjc0Of7/w8z0U6oTGOy08aa9meoU6jhNc3 4++SbCWVqKLtg/3Wnj8qlaED+btsIqrDhzS0ukszTSpNh3oXSeKADh10lai6eGDm Ys9JoKRsQoWK1Ej/byHvVG+l3hCJSI0qYmTvMKzk2JcrEVLw2KgXAbC9GPqZ8M4+ tw+iKf4JsTGH68Wxx+IpCmlQe07gYhYVTsL89+T5oAFMctzz1CQbEp946izs1aVs 1b2AkVAwmSDQm/luZu1GeluV8moa/6lALHw5sXA/JlHyunXZEvs= -----END CERTIFICATE-----
Then check if the certificate information is valid:Use Java keytool to import the certificate to the Java instance:
Note that
changeit
is the default password for every Java cacert repository. If you change it (and you should), you have to provide a proper password.Use the following Java snippet to check if the certificate was imported successfully and if Java can connect to the server:
If using multiple Java instances and versions, always make sure you use keytool from the proper instance, absolute paths in the commands, etc. Also, the certificate should be imported to JRE under the JDK folder.
IntegrationManager version 5.8.0