Certificates

Certificates

InterFormNG2 Secure Connection Requirements and Certificate Management

InterFormNG2 offers various integrations with other systems. Some of these integrations require a secure connection encrypted with TLS.
If the service we integrate with requires a secure connection using HTTPS, SMTPS, or SMTP/startTLS, then InterFormNG2 requires a valid and trusted certificate in the Java runtime environment.

Certificate Validation Requirement
If the certificate is invalid or not trusted, you may encounter an error message such as:
Warning
PKIX path building failed... Unable to find valid certification path to requested target

If the target server is hosted on-premise, we highly recommend obtaining a certificate from a trusted certificate authority (CA) and installing it on the target server.

Alternativ​e Solution

Alternatively, you may install the untrusted certificate into the Java runtime trust store (cacerts).
However, this procedure is NOT covered by the InterForm support agreement.

Checking Trusted Certificate Authorities in Java

To see a list of all certificate authorities trusted by Java, run the following command in the JAVA_HOME directory:
keytool -keystore "jre\lib\security\cacerts" \
    -storepass changeit \
    -list
In a standard Windows installation of InterFormNG2, the JAVA_HOME directory is the same as the InterFormNG2 installation directory.

Integrations Requiring a Valid Certificate

The following integrations may require a valid certificate on the target server:
  1. E-mail Server
  2. ActiveMQ
  3. IBM MQ
  4. InterSigning
  5. Office365 SharePoint
  6. Nextway Next
  7. d.velop documents
  8. eSignAnyWhere
  9. DigitalSign
  10. IDM

Self-Signed Certificates Policy

Self-signed certificates are NOT covered by the standard InterForm support agreement.
If assistance is required for self-signed certificates, support may be provided as a paid service.

Handling "PKIX path building failed" Error

If you encounter an error similar to:
Warning
PKIX path building failed: XXXX: unable to find valid certification path to requested target.

One possible solution is to install the certificate in the Java runtime trust store (cacerts).

Important Notes Before Proceeding

  1. Backup the cacerts file before installation.
  2. Consult your system administrator before making changes, as this affects the entire machine.
  3. You will need to reinstall the certificate if Java is upgraded in the future.
  4. InterForm is not responsible for any issues arising from executing the steps below.

Installing a Certificate on IBM i (AS/400)

Step 1: Start QSHELL

Run the following command to start QSHELL:
STRQSH

Step 2: Install the Certificate

Execute the following command, replacing the file path and alias as needed:
keytool -import \
    -file /home/mydir/ca.cer \
    -alias CertAuth \
    -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts \
    -storepass changeit \
    -noprompt
Parameters:
/home/mydir/ca.cer → Replace with the actual path and filename of the certificate.
/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts → Path to the Java runtime trust store.

    Notice: Help Center Transition Update

    As of January 13, 2025, we are excited to announce that our new Help Center is in the final stages of development. While the Knowledge Base is already accessible, our current JIRA system will continue to manage support tickets during this transition period. For assistance with InterForm Output Management Software, please refer to the Support for InterForm Output Management Software.

    We appreciate your patience and understanding as we work to enhance your support experience. If you have any questions or encounter any issues, please do not hesitate to reach out via the existing support channels.

    Best regards,
    The InterForm Support Team


      • Related Articles

      • Others library

        You can use the others section of the library for other resources e.g. digital certificates, that are used for digitally signing PDF files.

      • Delete resource

        This workflow component deletes a resource from the Library. Related workflow components are: List resources, Resource to payload, Resource to attachment and Save in resources. An example of how this can be used with the List resources can be found ...

      • Resource to payload

        The shortcut workflow resource to payload can be used for exchanging the normal payload of the workflow with a resource found in the InterFormNG2 resource library. This can e.g. be used for using an XML resource file instead of the XML file, that ...

      • Resource to attachment

        You can attach any file from the NG2 resources as an attachment to an email with the workflow component, Resource to attachment. The email can later e.g. be emailed or saved with this resource with either of the components, Create PDF email or Create ...

      • HTTPS enabling

        During installation you were asked to select the access protocol for the application as either HTTP or HTTPS. If you selected HTTPS then all communication between the browser and the application will be encrypted. Using HTTPS is recommended when ...