AS Java Initial Load with HTTPs

In order to encrypt the communication between IDM and AS Java during the Initial load or any other jobs, you may want to use HTTPs instead of HTTP for a JAVA server. However, if you choose the https protocol, you may get an error in Initial Load job. Error message looks like this

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is because the Java‘s server certificate is not trusted by your IDM java program.  All you need to do is to add server’s (or root) certificate into JRE’s default trust store.

The JRE’s trust store is located under jre/lib/security. The file name is cacerts without extension.

Try command

keytool -importcert -file RootCA.crt -keystore cacerts

re-run the job. You will find the error is gone.

There are other ways to solve the problem. But I guess this is the easiest. The solution is also suitable for communicate with any other HTTPs server or LDAPs server.