Troubleshooting HTTPS

When Oxygen XML Author cannot connect to an HTTPS-capable server, most likely there is no certificate set in the Java Runtime Environment (JRE) that Oxygen XML Author runs into. The following procedure describes how to:

  • Export a certificate to a local file using any HTTPS-capable Web browser (for example, Internet Explorer).
  • Import the certificate file into the JRE using the keytool tool that comes bundled with Oxygen XML Author.

Note

To make Oxygen XML Author accept a certificate even if it is invalid, open the Preferences dialog box (OptionsPreferences), go to Connection settings HTTP(S)/WebDAV, and enable the Automatically accept a security certificate, even if invalid option.

  1. Export the certificate into a local file
    1. Point your HTTPS-aware Web browser to the repository URL.

      If this is your first visit to the repository it will be displayed a security alert stating that the security certificate presented by the server is not trusted.

      Security alert - untrusted certificate

    2. Go to menu ToolsInternet Options.
      Internet Options dialog box is opened.
    3. Select Security tab.
    4. Select Trusted sites icon.
    5. Press Sites button.
      This will open Trusted sites dialog box.
    6. Add repository URL to Websites list.
    7. Close the Trusted sites and Internet Options dialog boxes.
    8. Try again to connect to the same repository URL in Internet Explorer.
      The same error page as above will be displayed.
    9. Select Continue to this website option.
      A clickable area with a red icon and text Certificate Error is added to Internet Explorer address bar.
    10. Click the Certificate Error area.
      A dialog box containing a View certificates link is displayed.
    11. Click the View certificates link.
      Certificate dialog box is displayed.
    12. Select Details tab of Certificate dialog box.
    13. Press Copy to File button.
      Certificate Export Wizard is started.
    14. Follow indications of wizard for DER encoded binary X.509 certificate. Save certificate to local file server.cer.
  2. Import the local file into the JRE running Oxygen XML Author.
    1. Open a text-mode console with administrative rights.
      If Oxygen XML Author has been installed in a user's home directory and includes a bundled JRE, administrative rights are not required. In all other cases administrative rights will be required.
    2. Go to the lib/security directory of the JRE running Oxygen XML Author. You find the home directory of the JRE in the java.home property that is displayed in the About dialog box (System properties tab). On Mac OS X systems, the lib/security directory is usually located in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home directory.
      On OS X, if you have installed a distribution of Oxygen XML Author that is not bundled with a JRE, a JRE from Apple is required. The Apple Java version 1.6 stores the certificates in /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts with a symbolic link pointing to it from /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts.
      On OS X, if you have installed a distribution of Oxygen XML Author that bundles the JRE from Oracle, the JRE uses the .install4j/jre.bundle/Contents/Home/jre/lib/security/cacerts path within its installation directory.
    3. Run the following command:
      ..\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
      The server.cer file contains the server certificate, created during the previous step. keytool requires a password before adding the certificate to the JRE keystore. The default password is changeit. If someone changed the default password, then that person is the only one who can perform the import.

      Tip

      If you need to import multiple certificates, you need to specify a different alias for each additional imported certificate with the -alias command line argument, as in the following example:

      ..\..\bin\keytool -import -alias myalias1 -trustcacerts -file 
      server1.cer -keystore cacerts
       
      ..\..\bin\keytool -import -alias myalias2 -trustcacerts -file 
      server2.cer -keystore cacerts 

  3. Restart Oxygen XML Author.

Was this helpful?