To connect with HTTPS to a server, that server needs to have a valid SSL certificate. For this to work the certificate, or the authority that issued the certificate needs to be trusted by the server. Usually, certificates used in production environments are issued by Root Certificate Authorities, that are trusted by all major operating systems. But to reduce costs, non-productive environments and internal servers usually use self-signed certificates, or internal Root Certificate Authorities.
To make HTTPS requests to servers that use certificates that aren't already trusted by the operating system, the certificate or Root CA certificate needs to be manually installed in the server.
- If you have OutSystems PaaS, you must contact OutSystems Technical Support to install your Root CA.
- It is recommended that instead this procedure is only used when it is not possible to acquire a certificate issued by a Root Authority that is automatically trusted.
Get the certificate
To get the certificate you can either:
- Ask the vendor for it. You can ask for the Root CA certificate, so you can authorize all the servers you need at once;
- Use a web browser to get the certificate. Access a web page on the server with HTTPS. Then use the web browser options to export the certificate to a .cer file.
Install the certificate
On Microsoft Windows
- Open Microsoft Management Console (Start --> Run --> mmc.exe);
- Choose File --> Add/Remove Snap-in;
- In the Standalone tab, choose Add;
- Choose the Certificates snap-in, and click Add;
- In the wizard, choose the Computer Account, and then choose Local Computer. Press Finish to end the wizard;
- Close the Add/Remove Snap-in dialog;
- Navigate to Certificates (Local Computer)
- Choose a store to import:
- If you have the Root CA certificate for the company that issued the certificate, choose Trusted Root Certification Authorities;
- If you have the certificate for the server itself, choose Other People
- Right-click the store and choose All Tasks --> Import
- Follow the wizard and provide the certificate file you have;
On a Linux distribution
- Place the certificate in the machine. The following commands will assume that it is located in /root/certificate.cer
- As root run:
- source /etc/sysconfig/outsystems
- $JAVA_HOME/bin/keytool -import -alias <give_it_a_name_here> -keystore $JAVA_HOME/jre/lib/security/cacerts -file /root/certificate.cer
- You will probably be asked for a password. If you haven't changed it, the password is "changeit".
- When the tool asks you if you want to trust this certificate, answer "yes".
- restart jboss using the command:
- service jboss-outsystems restart