Troubleshooting HTTPS
If Oxygen XML Editor cannot connect to an HTTPS-capable server and an error message appears stating that it is "unable to find a valid certification path to the requested target", the HTTPS server is most likely either configured to use a self-signed certificate or to use a certificate issued by an unknown authority that the Java Runtime Environment (JRE) used by Oxygen XML Editor does not trust.
Note: For Windows, starting with version 26.0, by default, Oxygen XML Editor uses the
trusted root certificates from the Windows certificate store instead of the JRE cacerts store.
To trust a certificate, the root certificate should be imported in the Windows Trusted Root
certificates store.
Tip: To make Oxygen XML Editor accept a certificate
even if it is invalid, open the
Preferences dialog box , go to , and select the Automatically accept a security certificate, even
if invalid option.
To trust a certificate, follow this procedure:
- Export a certificate into a local file using any HTTPS-capable web
browser:Chrome or Edge
- Navigate to the page that uses the certificate.
- Right-click the page and select Inspect.
- Select the Security tab.
- Click View Certificate.Step Result: A Certificate dialog box is displayed.
- Select the Details tab of the Certificate dialog box.
- Click the Export button.
- In the resulting dialog box, for the Save as type option, select DER-encoded binary, single certificate (*.der).
- Save the certificate to the local file server.der.
Safari- Navigate to the page that uses the certificate.
- If there is a "This connection is not private" message, click Show Details and in the expanded panel, click view the certificate.
- Otherwise, in the address bar, click the padlock icon on the left side of the website name and in the displayed pop-up, click Show Certificate.
- Another pop-up box is displayed showing information about the certificate. Drag the large certificate icon to a Finder window. A .cer file will be created in the indicated folder from Finder.
- Import the local file into the JRE running Oxygen XML Editor:
- Open a text-mode console with administrative rights.If Oxygen XML Editor has been installed in a user's home directory and includes a bundled JRE, administrative rights are not required. In all other cases, administrative rights will be required.
- Go to the lib/security directory of the JRE
running Oxygen XML Editor. You can find the home directory of the JRE in the
java.home property that is displayed in the About
dialog box (System
properties tab).
Note: On macOS, for the distribution of Oxygen XML Editor that bundles the JRE from Oracle, the JRE uses the .install4j/jre.bundle/Contents/Home/jre/lib/security/cacerts path within its installation directory.
- Run the following
command:
The server.cer file contains the server certificate, created during the previous step. The keytool requires a password before adding the certificate to the JRE keystore. The default password is changeit. If someone changed the default password, then that person is the only one who can perform the import...\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
Tip: If you need to import multiple certificates, you need to specify a different alias for each additional imported certificate with the-alias
command-line argument, as in the following example:..\..\bin\keytool -import -alias myalias1 -trustcacerts -file server1.cer -keystore cacerts ..\..\bin\keytool -import -alias myalias2 -trustcacerts -file server2.cer -keystore cacerts
- Restart Oxygen XML Editor.