If you try to connect using the Cloud tool window of Modelix to a model repository that is served through a web server that has a custom SSL certifcate (something that would be typical to a company-internal webserver), then (at least at the moment of this writing), you will get an exception from the Modelix MPS plugin, saying something along the lines of:
ERROR - org.modelix.model.mpsplugin.CloudRepository - Failed to connected to https://address.to.your.modelrepo/model/
java.lang.RuntimeException: Unable to get the clientId by querying https://address.to.your.modelrepo/model/counter/clientId
at org.modelix.model.client.RestWebModelClient.getClientId(RestWebModelClient.kt:104)
at org.modelix.model.client.RestWebModelClient.(RestWebModelClient.kt:400)
at org.modelix.model.mpsplugin.CloudRepository$1.run(CloudRepository.java:80)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
8<--------------------------snip-------------------------------------------------
The way to solve this is:
- Get
InstallCert.javafrom https://github.com/escline/InstallCert - Run
InstallCert.java, with your hostname and https port (you can either dojavac InstallCert.javaand thenjava InstallCert, or since java 11, you can dojava --source 11 InstallCert.javadirectly), and press1when asked for input. This will add your localhost as a trusted keystore and generate a file calledjssecacerts. It will throw an exception because your certificate is not yet in the store. - Run
InstallCert.javaagain to verify that the certificate is now added to the store: the connection should be OK and there should be no exceptions. - Copy the generated
jssecacertsfile to your$MPS_HOME/jbr/lib/securityfolder.
Credits for the fix go to this blog post by mkyong: https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/.
If you are still here, the following is an explanation of why you had to do what you had to do: the issue is that the REST communication API used in Modelix (JAX-RS) doesn’t use the standard /lib/security/cacert store, but rather the /lib/security/jssacert store to make custom certificates work when connecting Modelix MPS client plugin with a Modelix model repository that is served on a web-server with a custom SSL certificate. Therefore, the standard way of importing into cacerts will not work.