Using SSL certificate in Jaspersoft Studio 5.5


A User had configured his JasperReports Server using SSL and had no problem accessing the application through the web UI or iReport Designer with HTTPS calls. But, when trying the HTTPS connection in Jaspersoft Studio v5.5, the user got the following exception: PKIX path building failed: unable to find valid certification path to requested target


Jaspersoft Studio uses a specific holder for its security certificate. The location is the Jaspersoft Studio Professional-5.5.0 root, \final\features\jre.win32.win32.x86_64.feature_1.7.0.u25\jre\lib\security directory.


After importing the certificate into Jaspersoft Studio Professional-5.5.0 root, \final\features\jre.win32.win32.x86_64.feature_1.7.0.u25\jre\lib\security directory, the user will be able to make HTTPS calls to the server and connect successfully. The default cacert keystore password is 'changeit' without quotes.

How to import the certificate

One way to import your appserver's certificate is to use keytool commands, using the keytool.exe found in your Jaspersoft Studio installation directory within a folder similar to \features\jre.win32.win32.x86_64.feature_1.7.0.u67\jre\bin

Run it with 4 params, listed below:

  • -import
  • -alias <provide_an_alias>
  • -file <certificate_file>
  • -keystore <your_path_to_jre with the Jaspersoft Installation dir>/lib/security/cacerts

The -alias can be anything.

The -file needs to be the full path to your certificate file fetched from the server hosting your web access to JRS... like -file c:\tomcat.cer or .crt, .pem, etc.

The -keystore needs to be the full path to your cacerts file, in my case -keystore C:\Program Files\Jaspersoft\Jaspersoft Studio\features\jre.win32.win32.x86_64.feature_1.7.0.u67\jre\lib\security\cacerts

An example might be: keytool -import -alias tomcatProd -keystore c:/JSS/jre/lib/security/cacerts -file c:/tomcat.cer

If prompted for password enter "changeit", then accept it.

Finally restart JSS.

MacOSX Note:
The default Apple java security keystore is usually located in /Library/Java/Home/lib/security/cacerts. It is also sometimes named 'jssecacerts'. You will need to either:

  • Add your certificate instead to the default Apple keystore
  • Tell Studio to use its own cacert keystore by adding the following JVM options to <jaspersoft studio install dir>/Jaspersoft Studio Professional.ini
    •<path to keystore file>



EXAMPLE (TIBCO Jaspersoft Studio Pro)
Done on Mac OS X 10.11 with jdk 1.8.x and certificate from letsencrypt - on server side apache plays the proxy role to jaspersoft’s tomcat server:
  • where’s the actual home of java jdk (possibly update your jdk first)
    • $ /usr/libexec/java_home
      - /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home
  • download the server-Certificate (not private key) an den fullchain.pem from your server
    • /letsencrypt/live/
    • /live/
  • Import both files to /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/cacerts
    • first take a backup of cacerts
    • copy cert.pem & fullchain.pem to /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/ (if you don’t do this before)
    • cd /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/
    • sudo keytool -trustcacerts -keystore cacerts -storepass changeit -noprompt -importcert -file fullchain.pem -alias example-com-fullchain
    • sudo keytool -importcert -file cert.pem -keystore cacerts -alias example-com-cert
  • Go to /Applications/TIBCO Jaspersoft Studio Studio Professional.ini (done on Mac OS x 10.11) and add the following two lines at the end of the ini-File