You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

It is advisable to enable HTTPS to encrypt communication.

This article assumes knowledge on HTTPS and certificates.

Runtime

If running the runtime, or any other service in an application server, refer to the documentation of the application server on how to enable HTTPS. For maximum security, we advise to use official certificates that ae published by an official certificate authority. It is also possible to use self signed certificates, but this may lead to extra issues.

Tomcat

See https://tomcat.apache.org/tomcat-10.1-doc/ssl-howto.html

JBoss EAP

See https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/pdf/configuring_ssltls_in_jboss_eap/red_hat_jboss_enterprise_application_platform-8.0-configuring_ssltls_in_jboss_eap-en-us.pdf

Standalone JAR

See https://docs.spring.io/spring-boot/how-to/webserver.html#howto.webserver.configure-ssl


Self Signed Certificates

When using self signed certificates, Java may give exceptions with a message like this:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If this occurs, you need to add the certificate authority (CA) certificate that you used to generate your certificates to <JAVA_HOME>/lib/security/cacerts.

# keytool -import -trustcacerts -alias <myalias> -file <myCaCertificateFile> -keystore <JAVA_HOME>/lib/security/cacerts


  • No labels