When applying certificates into Analyze, it is sometimes necessary to import each level in the certificate chain into the Analyze truststore. In these cases you'll see an error message like this when running the HTTP node:
Request: https://xxx.xxx.xxx failed with network error:
javax.net.ssl.SSLHandshakeException: None of the loaded truststores trust this certificate
Steps to import each level (this example assumes the use of Chrome browser):
1) Download each level of the cert via the web browser & click " Certificate "
- click on the lock icon to view the site information
- click on the 'Connection is secure' item to show the connection details
- click on the 'Connection is valid' item to show the certificate
- click on the 'Certification Path' tab
- select the first certificate in the path
- click the 'View Certificate' button, a new window will appear
- click the 'Details' tab
- click 'Copy to File...' button, the Certificate Export Wizard will be displayed
- click the 'Next' button
- select the 'Base-64 encoded X.509 (.CER)' format and click the 'Next' button
- in the 'File to Export' page of the wizard, click the 'Browse...' button
- in the 'Save As' dialog browse to the required directory, enter a name for the certificate and click the 'Save' button
- in the 'File to Export' page of the wizard, click the 'Next' button
- click the 'Finish' button
- click the 'OK' button in the 'Export was successful' pop-up window
- click 'Ok' in the Certificate dialog.
Repeat the above for each level
2) Move the downloaded SSL cert to the Analyze server
3) Open command prompt as admin and navigate to <Analyze install dir>/jre/bin/
4) Repeat this step for each cert in the path so that you import all certs to cacerts...
Run the command below, replacing the file path and name below with your cert's location and name.
The keystore location and password are already correct in the command below, so no changes are needed there.
keytool -import -file "C:/Users/<username>/Desktop/data360 test.cer" -alias certname -keystore ../jre/lib/security/cacerts -storepass changeit
5) Type yes when it asks to trust/import the cert
6) The output should read Certificate was added to keystore if successful
7) Retest the HTTP node