If you try to connect using the Cloud tool window of Modelix to a model repository that is served through a web server that has a custom SSL certifcate (something that would be typical to a company-internal webserver), then (at least at the moment of this writing), you will get an exception from the Modelix MPS plugin, saying something along the lines of:
ERROR - org.modelix.model.mpsplugin.CloudRepository - Failed to connected to https://address.to.your.modelrepo/model/
java.lang.RuntimeException: Unable to get the clientId by querying https://address.to.your.modelrepo/model/counter/clientId
Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The way to solve this is:
InstallCert.java, with your hostname and https port (you can either do
javac InstallCert.javaand then
java InstallCert, or since java 11, you can do
java --source 11 InstallCert.javadirectly), and press
1when asked for input. This will add your localhost as a trusted keystore and generate a file called
jssecacerts. It will throw an exception because your certificate is not yet in the store.
InstallCert.javaagain to verify that the certificate is now added to the store: the connection should be OK and there should be no exceptions.
- Copy the generated
jssecacertsfile to your
Credits for the fix go to this blog post by mkyong: https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/.
If you are still here, the following is an explanation of why you had to do what you had to do: the issue is that the REST communication API used in Modelix (JAX-RS) doesn’t use the standard /lib/security/cacert store, but rather the /lib/security/jssacert store to make custom certificates work when connecting Modelix MPS client plugin with a Modelix model repository that is served on a web-server with a custom SSL certificate. Therefore, the standard way of importing into cacerts will not work.