Issues relating to SSL Certificate to allow TIBCO Jaspersoft® Studio to connect to a server using HTTPS

  1. When trying to use TIBCO Jaspersoft® Studio to create and test a new "Server Connection" through  HTTPS, user got the following error:

javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:

unable to find valid certification path to requested target

 

What this error means is that user is trying to connect to a resource that requires SSL connection. User should review TIBCO JasperReports® Server Security Guide document, section 3.7.1 "Setting Up an SSL Certificate" to help understand the concept of server connection using SSL certificate. User needs to import the same certificate used in the server deployment to allow SSL connection between their server and JSS Java client. Please refer to the following customer wiki article for detail steps to fix this error.

http://community.jaspersoft.com/wiki/using-ssl-certificate-jaspersoft-studio-55

This will make user's JVM trust a self signed certificate therefore allowing Jaspersoft Studio to connect to the secured resource. The approach mentioned in the article should work with any version of TIBCO Jaspersoft Studio application.

 

  1. Following the instruction in the above article, user got the following error when trying to import user’s application server's certificate using keytool commands:

keytool error: java.io.FileNotFoundException:

C:\Program Files\TIBCO\Jaspersoft Studio Professional-6.2.1.final\features\jre.win32.win32.x86_64.feature_1.8.0.u74\jre\lib\security (Access is denied)

 

The "Access is denied" error is actually caused by user’s import command trying to write the imported certificate to the folder "... \jre\lib\security"; Changing the -keystore save location to the FILE "... \jre\lib\security\cacerts" resolved the error.

 

  1. User got the following error when trying to run the import command:

keytool error: java.lang.Exception: Input not an X.509 certificate

 

The error indicates the file used to import the certificate is not a X.509 certificate. User needs to make sure to use the correct certificate file from server deployment to run import. For example:

keytool -import -alias tomcat -keystore "C:\Program Files\TIBCO\Jaspersoft Studio Professional-6.2.1.final\features\jre.win32.win32.x86.feature_1.8.0.u74\jre\lib\security\cacerts" -file C:\Users\Default\Downloads\cert\myserver.cer


TTC-20161031-71943

Feedback
randomness