Edit online

Troubleshooting HTTPS

If Oxygen JSON Editor cannot connect to an HTTPS-capable server and an error message appears stating that it is "unable to find a valid certification path to the requested target", the HTTPS server is most likely either configured to use a self-signed certificate or to use a certificate issued by an unknown authority that the Java Runtime Environment (JRE) used by Oxygen JSON Editor does not trust.

Note: For Windows, starting with version 26.0, by default, Oxygen JSON Editor uses the trusted root certificates from the Windows certificate store instead of the JRE cacerts store. To trust a certificate, the root certificate should be imported in the Windows Trusted Root certificates store.
Tip: To make Oxygen JSON Editor accept a certificate even if it is invalid, open the Preferences dialog box (Options > Preferences), go to Connection settings > HTTP(S)/WebDAV, and select the Automatically accept a security certificate, even if invalid option.

To trust a certificate, follow this procedure:

  1. Export a certificate into a local file using any HTTPS-capable web browser:
    Chrome or Edge
    1. Navigate to the page that uses the certificate.
    2. Right-click the page and select Inspect.
    3. Select the Security tab.
    4. Click View Certificate.Step Result: A Certificate dialog box is displayed.
    5. Select the Details tab of the Certificate dialog box.
    6. Click the Export button.
    7. In the resulting dialog box, for the Save as type option, select DER-encoded binary, single certificate (*.der).
    8. Save the certificate to the local file server.der.
    Safari
    1. Navigate to the page that uses the certificate.
    2. If there is a "This connection is not private" message, click Show Details and in the expanded panel, click view the certificate.
    3. Otherwise, in the address bar, click the padlock icon on the left side of the website name and in the displayed pop-up, click Show Certificate.
    4. Another pop-up box is displayed showing information about the certificate. Drag the large certificate icon to a Finder window. A .cer file will be created in the indicated folder from Finder.
  2. Import the local file into the JRE running Oxygen JSON Editor:
    1. Open a text-mode console with administrative rights.If Oxygen JSON Editor has been installed in a user's home directory and includes a bundled JRE, administrative rights are not required. In all other cases, administrative rights will be required.
    2. Go to the lib/security directory of the JRE running Oxygen JSON Editor. You can find the home directory of the JRE in the java.home property that is displayed in the About dialog box (System properties tab).
      Note: On macOS, for the distribution of Oxygen JSON Editor that bundles the JRE from Oracle, the JRE uses the .install4j/jre.bundle/Contents/Home/jre/lib/security/cacerts path within its installation directory.
    3. Run the following command:
      ..\..\bin\keytool -import -trustcacerts -file server.cer -keystore cacerts
      The server.cer file contains the server certificate, created during the previous step. The keytool requires a password before adding the certificate to the JRE keystore. The default password is changeit. If someone changed the default password, then that person is the only one who can perform the import.
      Tip: If you need to import multiple certificates, you need to specify a different alias for each additional imported certificate with the -alias command-line argument, as in the following example:
      ..\..\bin\keytool -import -alias myalias1 -trustcacerts -file 
      server1.cer -keystore cacerts
       
      ..\..\bin\keytool -import -alias myalias2 -trustcacerts -file 
      server2.cer -keystore cacerts 
  3. Restart Oxygen JSON Editor.