If Oxygen XML Author Eclipse plugin cannot connect to an HTTPS-capable server and
an error message appears stating that it is "unable to find a valid certification path to the
requested target", the HTTPS server is most likely either configured to use a self-signed
certificate or to use a certificate issued by an unknown authority that the Java Runtime
Environment (JRE) used by Oxygen XML Author Eclipse plugin does not trust.
Note: For Windows, starting with version 26.0, by default, Oxygen XML Author Eclipse plugin uses the
trusted root certificates from the Windows certificate store instead of the JRE cacerts store.
To trust a certificate, the root certificate should be imported in the Windows Trusted Root
certificates store.
Tip: To make
Oxygen XML Author Eclipse plugin accept a certificate
even if it is invalid,
open the
Preferences dialog box , go to , and select the
Automatically accept a security certificate, even
if invalid option.
Notice: This Automatically accept a security certificate, even
if invalid option does not influence the entire Eclipse workspace. It is
limited to URLs that are opened directly by Oxygen XML Author Eclipse plugin.
To trust a certificate, follow this procedure:
- Export a certificate into a local file using any HTTPS-capable web
browser:
Chrome or Edge
- Navigate to the page that uses the certificate.
- Right-click the page and select
Inspect.
- Select the Security tab.
- Click View
Certificate.Step Result: A
Certificate dialog box is displayed.
- Select the Details tab of the
Certificate dialog box.
- Click the Export button.
- In the resulting dialog box, for the Save as
type option, select DER-encoded binary, single certificate
(*.der).
- Save the certificate to the local file
server.der.
Safari
- Navigate to the page that uses the certificate.
- If there is a "This connection is not private" message,
click Show Details and in the expanded panel, click view the
certificate.
- Otherwise, in the address bar, click the padlock icon
on the left side of the website name and in the displayed pop-up, click Show
Certificate.
- Another pop-up box is displayed showing information about the
certificate. Drag the large certificate icon to a
Finder window. A .cer file will be created in
the indicated folder from Finder.
- Import the local file into the JRE running Oxygen XML Author Eclipse plugin:
- Open a text-mode console with administrative
rights.If Oxygen XML Author Eclipse plugin has been installed in a user's home
directory and includes a bundled JRE, administrative rights are not required. In all
other cases, administrative rights will be required.
- Go to the lib/security directory of the JRE
running Oxygen XML Author Eclipse plugin. You can find the home directory of the JRE in the
java.home property that is displayed in the About
dialog box ().
Note: On macOS, for the distribution of Oxygen XML Author Eclipse plugin
that bundles the JRE from Oracle, the JRE uses the
.install4j/jre.bundle/Contents/Home/jre/lib/security/cacerts
path within its installation directory.
- Run the following
command:
..\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
The
server.cer file contains the server certificate, created
during the previous step. The keytool requires a password before adding
the certificate to the JRE keystore. The default password is
changeit. If someone changed the default password, then
that person is the only one who can perform the import.Tip: If you need to import multiple certificates, you need to
specify a different alias for each additional imported certificate with the
-alias command-line argument, as in the following example:
..\..\bin\keytool -import -alias myalias1 -trustcacerts -file
server1.cer -keystore cacerts
..\..\bin\keytool -import -alias myalias2 -trustcacerts -file
server2.cer -keystore cacerts
- Restart Oxygen XML Author Eclipse plugin.