Troubleshooting HTTPS
When Oxygen XML Author cannot connect to an HTTPS-capable server, most likely there is no certificate set in the Java Runtime Environment (JRE) that Oxygen XML Author runs into. The following procedure describes how to:
- Export a certificate to a local file using any HTTPS-capable Web browser (for example, Internet Explorer).
- Import the certificate file into the JRE using the keytool tool that comes bundled with Oxygen XML Author.
Note
To make Oxygen XML Author accept a certificate even if it is invalid, open the
Preferences dialog box , go to , and enable the Automatically accept a security certificate,
even if invalid option.
- Export the certificate into a local file
- Point your HTTPS-aware Web browser to the repository URL.
If this is your first visit to the repository it will be displayed a security alert stating that the security certificate presented by the server is not trusted.
Security alert - untrusted certificate
- Go to menu .Internet Options dialog box is opened.
- Select Security tab.
- Select Trusted sites icon.
- Press Sites button.This will open Trusted sites dialog box.
- Add repository URL to Websites list.
- Close the Trusted sites and Internet Options dialog boxes.
- Try again to connect to the same repository URL in Internet Explorer.The same error page as above will be displayed.
- Select Continue to this website option.A clickable area with a red icon and text Certificate Error is added to Internet Explorer address bar.
- Click the Certificate Error area.A dialog box containing a View certificates link is displayed.
- Click the View certificates link.Certificate dialog box is displayed.
- Select Details tab of Certificate dialog box.
- Press Copy to File button.Certificate Export Wizard is started.
- Follow indications of wizard for DER encoded binary X.509 certificate. Save
certificate to local file
server.cer
.
- Point your HTTPS-aware Web browser to the repository URL.
- Import the local file into the JRE running Oxygen XML Author.
- Open a text-mode console with administrative rights.If Oxygen XML Author has been installed in a user's home directory and includes a bundled JRE, administrative rights are not required. In all other cases administrative rights will be required.
- Go to the
lib/security
directory of the JRE running Oxygen XML Author. You find the home directory of the JRE in the java.home property that is displayed in the About dialog box (System properties tab). On Mac OS X systems, thelib/security
directory is usually located in/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
directory.On OS X, if you have installed a distribution of Oxygen XML Author that is not bundled with a JRE, a JRE from Apple is required. The Apple Java version 1.6 stores the certificates in/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
with a symbolic link pointing to it from/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
.On OS X, if you have installed a distribution of Oxygen XML Author that bundles the JRE from Oracle, the JRE uses the.install4j/jre.bundle/Contents/Home/jre/lib/security/cacerts
path within its installation directory. - Run the following command:
..\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
Theserver.cer
file contains the server certificate, created during the previous step. keytool requires a password before adding the certificate to the JRE keystore. The default password is changeit. If someone changed the default password, then that person is the only one who can perform the import.Tip
If you need to import multiple certificates, you need to specify a different alias for each additional imported certificate with the-alias
command line argument, as in the following example:..\..\bin\keytool -import -alias myalias1 -trustcacerts -file server1.cer -keystore cacerts ..\..\bin\keytool -import -alias myalias2 -trustcacerts -file server2.cer -keystore cacerts
- Open a text-mode console with administrative rights.
- Restart Oxygen XML Author.