Certificate validation issue

0
Hi everyone,

We are developing a Mendix 10.12.10 app in a Windows environment on an internal network (using remote desktop), where we want to integrate other services located on the internal network. A Kerberos authentication layer has been set up and is working.

However, when calling certain SOAP services, we run into certificate validation errors. We are not 100% sure about the correctness of the certificates, but the company for which we are developing the app cannot provide reliable assistance, as in their other (non-Mendix) systems these connections either work automatically or they can disable certificate validation. The error messages we encounter are:

com.mendix.systemwideinterfaces.MendixRuntimeException: java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.mendix.integration.util.PrivilegedUtil$$anonfun$withPrivileged$2.applyOrElse(PrivilegedUtil.scala:16)

or

com.mendix.systemwideinterfaces.MendixRuntimeException: java.security.PrivilegedActionException: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <example> doesn't match any of the subject alternative names: [unknown, something]
	at com.mendix.integration.util.PrivilegedUtil$$anonfun$withPrivileged$2.applyOrElse(PrivilegedUtil.scala:16)

The questions are:

What could be the problem?
Is there a possibility to disable certificate validation?
During execution from Mendix Studio, should a microflow web service call be able to access the logged-in Windows user's certificates?

Any suggestion or insight would be appreciated as we are kind of stuck for now. Thank you!
asked
1 answers
0

Sounds like the internal network is using self-signed certificates for SSL traffic. You will need to obtain the root certificate and add it to Studio Pro. You can do this by opening App Settings, navigating to the Certificates tab and importing the certificate. Note that the certificate is only used when running in Studio Pro; for any non-local environments, the certificate would need to be added to the Java keystore.

Someone in the IT Department should be able to provide you with the root certificate; only the public key is needed. If they are unable to provide it, use a web browser such as Chrome or Edge to browse to the URL; you can then inspect and export the certificate using the lock icon in the address bar.

In some networks, all SSL traffic is decrypted, inspected, then re-encrypted with an internal certificate. If this is the case, you may also need to add the certificate to the local Java keystore on the machine running Studio Pro. I find this is only necessary if you are using Gradle for builds.

answered
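
The two errors in the question come from separate checks: building a chain to a trusted root (what importing the root certificate addresses) and matching the host name in the URL against the certificate's subject alternative names (which a trusted root does not change). The script below is an added example, not part of the original question or answer, that reproduces both offline with the openssl CLI. The CA, the server certificate, the file names and the host `service.internal.example` are constructed; only the SAN values `unknown` and `something` come from the error message above.

```shell
#!/usr/bin/env bash
# Added example: both failure classes, reproduced with a constructed CA and
# server certificate. Requires the openssl CLI; nothing touches the network.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

make_certs() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Internal Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Constructed internal root CA (self-signed, marked CA:TRUE)
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null || return 1
  # Server certificate whose SANs mirror the error message: [unknown, something]
  printf 'subjectAltName = DNS:unknown, DNS:something\n' > "$WORK/san.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=something" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 2 -extfile "$WORK/san.ext" -out "$WORK/srv.crt" 2>/dev/null
}

# Returns 0 if the chain builds to a trusted root. Called without a root file,
# it fails the same way Java reports "PKIX path building failed".
chain_ok() {  # $1 = optional trusted root certificate (PEM)
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$WORK/srv.crt" >/dev/null 2>&1
  else
    openssl verify "$WORK/srv.crt" >/dev/null 2>&1
  fi
}

# Returns 0 only if the chain is trusted AND the requested host matches a SAN.
host_ok() {  # $1 = host name used in the service URL
  openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$1" \
    "$WORK/srv.crt" >/dev/null 2>&1
}

make_certs || { echo "openssl failed to create the sample certificates" >&2; exit 1; }
chain_ok && echo "no root: trusted" || echo "no root: chain cannot be built"
chain_ok "$WORK/ca.crt" && echo "root supplied: chain trusted"
host_ok something && echo "host 'something': matches a SAN"
host_ok service.internal.example || echo "host 'service.internal.example': SAN mismatch, root still trusted"
# JVM fix for the first failure only (alias and keystore path are placeholders):
#   keytool -importcert -alias internal-root -file ca.crt -keystore <truststore>
```

For the mismatch case, the remedy is to call the service by a name listed in the certificate or to have the certificate reissued with the name the URL uses.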