A User had configured his JasperReports Server using SSL and had no problem accessing the application through the web UI or iReport Designer with HTTPS calls. But, when trying the HTTPS connection in Jaspersoft Studio v5.5, the user got the following exception:
Table of Contents
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Jaspersoft Studio uses a specific holder for its security certificate. The location is the Jaspersoft Studio Professional-5.5.0 root, \final\features\jre.win32.win32.x86_64.feature_1.7.0.u25\jre\lib\security directory.
After importing the certificate into Jaspersoft Studio Professional-5.5.0 root, \final\features\jre.win32.win32.x86_64.feature_1.7.0.u25\jre\lib\security directory, the user will be able to make HTTPS calls to the server and connect successfully. The default cacert keystore password is 'changeit' without quotes.
How to import the certificate
One way to import your appserver's certificate is to use keytool commands, using the keytool.exe found in your Jaspersoft Studio installation directory within a folder similar to \features\jre.win32.win32.x86_64.feature_1.7.0.u67\jre\bin
Run it with 4 params, listed below:
- -alias <provide_an_alias>
- -file <certificate_file>
- -keystore <your_path_to_jre with the Jaspersoft Installation dir>/lib/security/cacerts
The -alias can be anything.
The -file needs to be the full path to your certificate file fetched from the server hosting your web access to JRS... like -file c:\tomcat.cer or .crt, .pem, etc.
The -keystore needs to be the full path to your cacerts file, in my case -keystore C:\Program Files\Jaspersoft\Jaspersoft Studio Professional-5.6.1.final\features\jre.win32.win32.x86_64.feature_1.7.0.u67\jre\lib\security\cacerts
An example might be: keytool -import -alias tomcatProd -keystore c:/JSS/jre/lib/security/cacerts -file c:/tomcat.cer
If prompted for password enter "changeit", then accept it.
Finally restart JSS.
The default Apple java security keystore is usually located in /Library/Java/Home/lib/security/cacerts. It is also sometimes named 'jssecacerts'. You will need to either:
- Add your certificate instead to the default Apple keystore
- Tell Studio to use its own cacert keystore by adding the following JVM options to <jaspersoft studio install dir>/Jaspersoft Studio Professional.ini
- -Djavax.net.ssl.trustStore=<path to keystore file>
- where’s the actual home of java jdk (possibly update your jdk first)
- $ /usr/libexec/java_home
- $ /usr/libexec/java_home
- download the server-Certificate (not private key) an den fullchain.pem from your server
- Import both files to /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/cacerts
- first take a backup of cacerts
- copy cert.pem & fullchain.pem to /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/ (if you don’t do this before)
- cd /Library/Java/JavaVirtualMachines/jdk1.8.0_66.jdk/Contents/Home/jre/lib/security/
- sudo keytool -trustcacerts -keystore cacerts -storepass changeit -noprompt -importcert -file fullchain.pem -alias example-com-fullchain
- sudo keytool -importcert -file cert.pem -keystore cacerts -alias example-com-cert
- Go to /Applications/TIBCO Jaspersoft Studio 6.2.0.final Pro.app/Contents/Eclipse/Jasper Studio Professional.ini (done on Mac OS x 10.11) and add the following two lines at the end of the ini-File
Log in or register to post comments