[oXygen-user] oXygen-user Digest, Vol 111, Issue 7

David Birnbaum djbpitt at gmail.com
Thu Jan 16 12:23:50 CST 2020 

Dear oxygen-user,

Thank you, Lee, for pointing me toward the online explanation, but it
doesn't help. The instructions seem to have been written for Windows, and I
tried adapting them for MacOS, so perhaps that's the source of my
difficulty. Here are the details:

A few data points:

I see no option when viewing the certificate in either Chrome or Firefox
(by clicking on the security icon to the immediately left of the URL) to
export or save the certificate. The instructions at the link Lee mentioned
say that I should be able to view a certificate from the browser and then
save it to file, but I don't see an option to do that.

The browser accepts the certificate without a question, and doesn't report
it as self-signed. It is reported as issued by "Let's Encrypt Authority X3"
(under "DST Root CA X3"). Only <oXygen/> seems to think that it is
self-signed.

What I tried:

When I browse my Keychain (under System Roots -> Certificates) I see "DST
Root CA X3", and nothing else that comes close to matching what I see when
I view the certificate in Chrome. I guessed that this was what I wanted,
and I exported it from the Keychain, navigated to the JRE folder for
<oXygen/>, adjusted the instructions for MacOS (they were written for
Windows, with backslashes and explicit paths), and ran the import command.
I was notified that "Certificate already exists in system-wide CA keystore
under alias <identrustdstx3> Do you still want to add it to your own
keystore?". I told it "no" and restarted <oXygen/> and was not able to open
the remote URL. So I ran the import again, told it "yes" this time,
restarted <oXygen/>, and got the same error about not being able to open
the URL.

Best,

David

On Thu, Jan 16, 2020 at 1:00 PM <oxygen-user-request at oxygenxml.com> wrote:

> Send oXygen-user mailing list submissions to
>         oxygen-user at oxygenxml.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.oxygenxml.com/mailman/listinfo/oxygen-user
> or, via email, send a message with subject or body 'help' to
>         oxygen-user-request at oxygenxml.com
>
> You can reach the person managing the list at
>         oxygen-user-owner at oxygenxml.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of oXygen-user digest..."
>
>
> Today's Topics:
>
>    1. Re: self-signed certificates (Hart, Lee)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 15 Jan 2020 17:25:41 +0000
> From: "Hart, Lee" <hleehart at amazon.com>
> To: "oxygen-user at oxygenxml.com" <oxygen-user at oxygenxml.com>
> Subject: Re: [oXygen-user] self-signed certificates
> Message-ID:
>         <5e20df9778d24e24bfbf3c16dedb7409 at EX13D13UWB003.ant.amazon.com>
> Content-Type: text/plain; charset="utf-8"
>
> I tried opening a file from a URL on a site that uses a self-signed
> certificate. <oXygen/> first asked whether I wanted to allow and trust the
> site, and when I told it that I did, <oXygen/> refused to load it, telling
> me that:
>
> Cannot open the specified file.
> There was a problem establishing the secure HTTPS connection. In case the
> server you are trying to connect to uses self-signed certificates, read the
> 'Troubleshooting HTTPS' section from the user manual.
>  Full error message: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> I'm running XML Editor 21.1, build 2019120214, with the bundled Java, on
> MacOS Mojave. How do I communicate to <oXygen/> that it should trust this
> site? I tried adding an exception for the site to my Java configuration,
> which didn't help, and I then realized that that was probably because those
> exceptions are for my system Java, and <oXygen/> is using its own.
>
> The instructions at Troubleshooting HTTPS<
> https://www.oxygenxml.com/doc/versions/21.1/ug-author/topics/import-https-server-certificate.html>
> in the user manual seem straightforward – where did you have problems
> following them?
>
> Lee
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.oxygenxml.com/pipermail/oxygen-user/attachments/20200115/5d80001d/attachment-0001.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> oXygen-user mailing list
> oXygen-user at oxygenxml.com
> https://www.oxygenxml.com/mailman/listinfo/oxygen-user
>
>
> ------------------------------
>
> End of oXygen-user Digest, Vol 111, Issue 7
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.oxygenxml.com/pipermail/oxygen-user/attachments/20200116/8a300092/attachment.html>

More information about the oXygen-user mailing list