Oxygen XML Forum

We are experiencing a problem when downloading a plugin using the Oxygen Xml Install new Add-ons tab.
We have been working on a plugin over the years and it has a custom Certificate, recently the certificate expired and we were in the process of updating it, but stumbled across this error that we were not getting before: It seem to have a problem with the cert found on the plugin, however it was created the same way we have created it before and it never had this issue, not only that but by doing these steps:

Start Oxygen.
Options > Preferences
Go to Network Connection Settings.
Click HTTP(s)/WebDAV
Select "Automatically accept a security certificate, even if invalid"
Click Apply.

The dialog comes up and it shows no problems at all, and that includes letting us check the cert while downloading and we can see that the plugin itself is marked as having a valid certificate.
We have changed the keystore in the plugin many times in the last couple of days, but all of them seem to be working this way.
If the certificate is not the problem, what other reason would provoke this error?

Hi,

A question about this remark:

We have been working on a plugin over the years and it has a custom Certificate

What do you mean by that? Do you mean that the JAR library of the add-on is signed with a custom certificate? Or that the HTTPS server on which the add-on is placed has a custom certificate? Or both?
The error message you attached indicated that Oxygen complains about establishing a connection to your HTTPS server, it does not complain that the JAR library of the add-on was signed incorrectly because in order to download the add-on's Jar library it first needs to established a trusted connection to the HTTPS server where you are hosting the add-on.

The error message you posted looks exactly like the on in our HTTPS troubleshooting section from the Oxygen User's Manual:
https://www.oxygenxml.com/doc/versions/ ... icate.html
Oxygen is a Java application and the Java VM bundled with Oxygen does not seem to accept this certificate you are using on your HTTPS server. In general self signed certificates are not accepted.
What version of Oxygen are you using? From what I remember in newer Oxygen versions the newer Java which is bundled with them accepts even server side HTTPS certificates signed with the free "Let's Encrypt" web site.

The dialog comes up and it shows no problems at all, and that includes letting us check the cert while downloading and we can see that the plugin itself is marked as having a valid certificate.
We have changed the keystore in the plugin many times in the last couple of days, but all of them seem to be working this way.

If after checking "Automatically accept a security certificate, even if invalid" Oxygen is able to download the JAR library and check its own certificate and reports that it's good, then as I mentioned above the problem is not in how the add-on's JAR library was signed but in the certificate your HTTPS server uses.

Regards,
Radu

Hello Radu

Thanks for the quick response.
In this case both the individual jar and the server have their certificate, and we are experiencing this error on oxygen version 17, we also have tried this with both versions 23 and 24 and there is no problem with them, they are capable of downloading the add on with no problems or warnings or any kind.

Thanks and Regards,
Frank

Hi Frank,

Newer Oxygen versions are bundled with newer Java VM's and newer Java VM's are capable of accepting a wider range of certificates.

Regards,
Radu