# Google Analytics

Resolving SSL certificate issues when deploying a process

Problem

When deploying an automation process from the iGrafx Platform to your iGrafx Process Automation tool, you might encounter an error message, which is accompanied by the following or similar error in your server logs

2022-03-25 09:47:17 ERROR GlobalExceptionResolver - PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This happens when the iGrafx Process Automation server is running on https/SSL protocol but the iGrafx Platform does not trust the certificate that is used.

Solution

To allow the platform to successfully connect to the Automation server, the SSL certificate used by the Automation server needs to be added to the trust keystore of the iGrafx Platform installation. To do so, follow these steps:

  1. Find the openjdk-11.x.y\lib\security directory in your iGrafx Platform installation folder (adjust for the actual JDK version)
  2. Copy the certificates you are using on the automation server into this folder
  3. Open a command line within the security  folder
  4. Run the following command to import the certificate, using your certificate name and type, or adjust as needed based on the keytool documentation and your key/certificate format:
    https://docs.spring.io/spring-security-saml/docs/current/reference/html/security.html#configuration-key-management-private-keys

    ..\..\bin\keytool.exe -importkeystore -srckeystore samplecert.pfx -srcstoretype PKCS12 -destkeystore cacerts -deststoretype JKS



    The standard keystore password the cacerts file is changeit 

  5. Restart your iGrafx Platform
  6. You are now be able to deploy to your Automation server

(info) Alternatively, you might need to import the Certificate Authority certificate (CA certificate) or other intermediate or server certificates in step 4, which can be achieved with the following command, if the certificate is for example in a DER encoded file named rootca.cer 

..\..\bin\keytool.exe -import -alias rootca -file rootca.cer -keystore cacerts