Troubleshooting HTTPS

When Oxygen XML Editor cannot connect to an HTTPS-capable server, most likely there is no certificate set in the Java Runtime Environment (JRE) that Oxygen XML Editor runs into. The following procedure describes how to:
  • Export a certificate to a local file using any HTTPS-capable Web browser (for example Internet Explorer).
  • Import the certificate file into the JRE using the keytool tool that comes bundled with Oxygen XML Editor.
  1. Export the certificate into a local file
    1. Point your HTTPS-aware Web browser to the repository URL.

      If this is your first visit to the repository it will be displayed a security alert stating that the security certificate presented by the server is not trusted.

      Figure: Security alert - untrusted certificate

    2. Go to menu Tools > Internet Options.
      Internet Options dialog box is opened.
    3. Select Security tab.
    4. Select Trusted sites icon.
    5. Press Sites button.
      This will open Trusted sites dialog box.
    6. Add repository URL to Websites list.
    7. Close the Trusted sites and Internet Options dialog boxes.
    8. Try again to connect to the same repository URL in Internet Explorer.
      The same error page as above will be displayed.
    9. Select Continue to this website option.
      A clickable area with a red icon and text Certificate Error is added to Internet Explorer address bar.
    10. Click the Certificate Error area.
      A dialog box containing a View certificates link is displayed.
    11. Click the View certificates link.
      Certificate dialog box is displayed.
    12. Select Details tab of Certificate dialog box.
    13. Press Copy to File button.
      Certificate Export Wizard is started.
    14. Follow indications of wizard for DER encoded binary X.509 certificate. Save certificate to local file server.cer.
  2. Import the local file into the JRE running Oxygen XML Editor.
    1. Open a text-mode console with administrative rights.
    2. Go to the lib/security directory of the JRE running Oxygen XML Editor. You find the home directory of the JRE in the java.home property that is displayed in the About dialog box (System properties tab). On Mac OS X systems, the lib/security directory is usually located in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home directory.
    3. Run the following command: 
      ..\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
      The server.cer file contains the server certificate, created during the previous step. keytool requires a password before adding the certificate to the JRE keystore. The default password is changeit. If somebody changed the default password then he is the only one who can perform the import.
      Note: To make Oxygen XML Editor accept a certificate even if it is invalid, open the Preferences dialog box, go to Connection settings > HTTP(S)/WebDAV, and enable the Automatically accept a security certificate, even if invalid option.
      Tip: If you need to import multiple certificates, you need to specify a different alias for each additional imported certificate with the -alias command line argument, like in the following example:
      ..\..\bin\keytool -import -alias myalias1 -trustcacerts -file server1.cer -keystore cacerts 
..\..\bin\keytool -import -alias myalias2 -trustcacerts -file server2.cer -keystore cacerts
  3. Restart Oxygen XML Editor.
Parent topic: WebDAV over HTTPS
Previous topic: WebDAV over HTTPS
Next topic: HTTP Authentication Schemes
Related information
HTTP(S)/WebDAV Preferences