InterFormNG2 offers a number of integrations to other systems. Some of these integrations rely on a secure connection that is encrypted with TLS.
If the service that we integrate to requires a secure connection with HTTPS, SMTPS or SMTP/startTLS protocol, then it is required by InterFormNG2 that the service we integrate to, uses a certificate that is valid and trusted by the Java runtime environment.
If the certificate is invalid or not trusted, then you may see an error message that says something like: "PKIX path building failed... Unable to find valid certification path to requested target".
If the target server is hosted on premise, then we highly recommend that you obtain a certificate from a trusted certificate authority and install it on the target server.
As an alternative, it may be possible to install the untrusted certificate in the Java runtime trust store (cacerts). However, this procedure is NOT covered by the InterForm support agreement.
You can see a list of all certificate authorities trusted by Java, by running the below command in the JAVA_HOME directory (in a standard Windows installation of InterFormNG2 then this will be the same as the InterFormNG2 installation directory).
keytool -keystore "jre\lib\security\cacerts" -storepass changeit -list
Integrations that may require a valid certificate on the target server include at least:
• E-mail server
• ActiveMQ
• IBM MQ
• InterSigning
• Office365 SharePoint
• Nextway Next
• d.velop documents
• eSignAnyWhere
• DigitalSign
• IDM
Self signed certificates are not covered by normal InterForm support
Self signed certificates are not covered by the InterForm support agreement. If you need help to install and use self signed certificates, then we might be able to help, but the time used for this will be invoiced.
Here however is a suggestion of how you can solve an error message similar to:
PKIX path building failed: XXXX: unable to find valid certification path to requested target.
A solution is to install it in the Java runtime trust store (cacerts). It is a good idea to backup this file before you install the certificate. Please verify with your system administrator before doing this, as this has effect on the whole machine and execute the commands below at your own risk. InterForm cannot be held responsible for any issues linked directly or indirectly to executing the commands below.
Please notice, that you will need to install the certificate again, if you later upgrade Java.
If you want to do that, then you can do it with these commands on the IBM i platform:
Start QSHELL with the command:
STRQSH
Then run this command:
keytool -import -file /home/mydir/ca.cer -alias CertAuth -keystore
/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacerts -storepass changeit -noprompt
Where
/home/mydir/ca.cer should replaced with the path (including the file name) of the certificate, that you want to install in Java.
and
/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/cacertsm is the path to the Java runtime trust store, that you want to install it in.
