Certificates

InterFormNG2 offers a number of integrations to other systems. Some of these integrations rely on a secure connection that is encrypted with TLS.

If the service that we integrate to requires a secure connection over the HTTPS, SMTPS or SMTP/startTLS protocol, then InterFormNG2 requires that service to use a certificate that is valid and trusted by the Java runtime environment.

 

If the certificate is invalid or not trusted, then you may see an error message that says something like: "PKIX path building failed... Unable to find valid certification path to requested target".

If the target server is hosted on premise, then we highly recommend that you obtain a certificate from a trusted certificate authority and install it on the target server.

As an alternative, it may be possible to install the untrusted certificate in the Java runtime trust store (cacerts). However, this procedure is NOT covered by the InterForm support agreement.

 

You can list all certificate authorities trusted by Java by running the command below in the JAVA_HOME directory (in a standard Windows installation of InterFormNG2, this is the same as the InterFormNG2 installation directory).

keytool -keystore "jre\lib\security\cacerts" -storepass changeit -list

 

Integrations that may require a valid certificate on the target server include at least:

• E-mail server

• ActiveMQ

• IBM MQ

• InterSigning

• Office365 SharePoint

• Nextway Next

• d.velop documents

• eSignAnyWhere

• DigitalSign

• IDM

 

 

Self-signed certificates are not covered by normal InterForm support

Self-signed certificates are not covered by the InterForm support agreement. If you need help installing and using self-signed certificates, then we might be able to help, but the time used for this will be invoiced.

 

However, here is a suggestion for how you can resolve an error message similar to:

PKIX path building failed: XXXX: unable to find valid certification path to requested target.

 

A solution is to install the certificate in the Java runtime trust store (cacerts). It is a good idea to back up this file before you install the certificate. Please verify with your system administrator before doing this, as it affects the whole machine, and execute the commands below at your own risk. InterForm cannot be held responsible for any issues linked directly or indirectly to executing the commands below.

 

Please note that you will need to install the certificate again if you later upgrade Java.

 

If you want to do that, then you can do it with these commands on the IBM i platform:

 

Start QSHELL with the command:

 

STRQSH

 

Then run this command:

 

keytool -import -file /home/mydir/ca.cer -alias CertAuth -keystore /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts -storepass changeit -noprompt

 

Where

 

/home/mydir/ca.cer should be replaced with the path (including the file name) of the certificate that you want to install in Java.

 

and

 

/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts is the path to the Java runtime trust store that you want to install it in.
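
The import procedure above as one script, written as an added example and not InterForm's own tooling: it prints the certificate details for review (because -noprompt skips keytool's confirmation question), backs up cacerts, then imports and lists the new entry. The function names and the .bak suffix are assumptions; the paths, alias and password are the sample values used on this page.

```shell
#!/bin/sh
# Added example, not InterForm's own script. Function names and the ".bak"
# suffix are assumptions; paths, alias and password are this page's samples.
CACERTS_DEFAULT=/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts

# Copy the trust store to <store>.bak, never overwriting an earlier backup,
# and confirm the copy is byte-identical. Prints the backup path on success.
backup_truststore() {
    store=$1
    backup="$store.bak"
    [ -f "$store" ] || { echo "trust store not found: $store" >&2; return 1; }
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }
    cp -p "$store" "$backup" || return 1
    cmp -s "$store" "$backup" || { echo "backup differs from original" >&2; return 1; }
    echo "$backup"
}

# Print owner, issuer, validity and fingerprints so they can be compared with
# what the certificate's issuer published; -noprompt will not ask later.
show_cert() {
    keytool -printcert -file "$1"
}

# Import the certificate unless the alias is already taken, then list the new
# entry to confirm that it is in the trust store.
import_ca() {
    cert=$1; name=$2; store=$3; pass=${4:-changeit}
    if keytool -list -keystore "$store" -storepass "$pass" -alias "$name" >/dev/null 2>&1; then
        echo "alias already in trust store: $name" >&2
        return 2
    fi
    keytool -import -file "$cert" -alias "$name" -keystore "$store" \
        -storepass "$pass" -noprompt || return 1
    keytool -list -keystore "$store" -storepass "$pass" -alias "$name"
}

# Usage: sh add_ca.sh /home/mydir/ca.cer CertAuth [path-to-cacerts]
if [ "$#" -ge 2 ]; then
    target=${3:-$CACERTS_DEFAULT}
    show_cert "$1" && backup_truststore "$target" && import_ca "$1" "$2" "$target"
fi
```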
