How do I resolve SSL certificate problems when connecting TEST-GUIDE with third-party systems?


TEST-GUIDE can be connected to third-party systems like issue trackers, application lifecycle management tools or directory services for user authentication.

It is best practice that these connections are encrypted using SSL, e.g. by using the HTTPS protocol. SSL is based on certificate chains. In corporate environments, a custom certificate authority (CA) is commonly present.

SSL problems can result from the root certificate of the corporate’s custom CA not being trusted by the Java environment that TEST-GUIDE uses. Here is how to import certificates into a Windows Java installation in order to trust them:

    • Ask your company’s IT department for the required root and intermediate certificates in the CER format. You may also be able to export them from a web browser or via the Windows Certificate Manager Tool (certmgr.msc) or via OpenSSL e.g.

      • openssl s_client -host -port 443 -prexit -showcerts.

    • Check the certificate’s trustworthiness by inspecting its metadata and fingerprints before proceeding.

    • Open a command window and navigate to the path where above certificates are stored.

    • Run where keytool and copy the path that matches the Java installation that TEST-GUIDE uses.

    • For each certificate, pick a suitable alias from its metadata and run 

      • <path to keytool> -keystore cacerts -importcert -alias <alias for the certificate> -file <filename of the certificate>.

      • The default password is changeit.

For Linux, check with your distribution's documentation whether a similar approach as above can be used or if a distribution-specific certificate management is in place.

  • No labels