Import an SSL/TLS Certificate to SnapLogic JCC Nodes

Overview

You can generate and import a self-signed SSL/TLS certificate into all the JCC nodes in your Groundplex.

Important: The steps to import the certificate to the JCC node can vary based on the certificate format and the OS.
  1. Obtain the certificate (.pem) file by using SSH.
  2. Import the file into the JCC node. 
     /opt/snaplogic/pkgs/java-version/bin/keytool -import -file path_to_pem_file -alias alias_name_optional -keystore /opt/snaplogic/pkgs/java-version/lib/security/cacerts -vEnter keystore password: changeit

    Example: 

     /opt/snaplogic/pkgs/jre1.8.0_45/bin/keytool -import -file path_to_pem_file -alias alias_name_optional -keystore /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts -vEnter keystore password: changeit
    Important: The directory path depends on the Java installation directory.
  3. Restart the JCC node process to confirm the import.
  4. To verify that the certificate was imported successfully, list the certificates in the CAcerts file. 
    /opt/snaplogic/pkgs/java-version/bin/keytool -list --keystore /opt/snaplogic/pkgs/java-version/lib/security/cacerts -v+

    Example: 

    /opt/snaplogic/pkgs/jre1.8.0_45/bin/keytool -list --keystore /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts -v+

While configuring accounts for various Snap Packs, you might encounter the following error message:

        Failed to validate account: Invalid credentials Cause: Could not send Message. (Reason: unable to find valid certification path to requested target; Resolution: Please provide valid credentials.)

If this error occurs, update the CAcert trust store in the SnapLogic JCC nodes to enable a successful SSL/TLS handshake with the target endpoint.

Find the trust store at /opt/snaplogic/pkgs/java-version/lib/security/cacerts, and confirm that the certificate was imported in every node in the Groundplex.