Connecting with Modelix MPS plugin to a model repository through a webserver that has a custom SSL certificate

If you try to connect using the Cloud tool window of Modelix to a model repository that is served through a web server that has a custom SSL certifcate (something that would be typical to a company-internal webserver), then (at least at the moment of this writing), you will get an exception from the Modelix MPS plugin, saying something along the lines of:

ERROR - org.modelix.model.mpsplugin.CloudRepository - Failed to connected to
java.lang.RuntimeException: Unable to get the clientId by querying
at org.modelix.model.client.RestWebModelClient.getClientId(RestWebModelClient.kt:104)
at org.modelix.model.client.RestWebModelClient.(RestWebModelClient.kt:400)
at org.modelix.model.mpsplugin.CloudRepository$
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(
at java.base/java.util.concurrent.ThreadPoolExecutor$
at java.base/
Caused by: PKIX path building failed: unable to find valid certification path to requested target

The way to solve this is:

  1. Get from
  2. Run, with your hostname and https port (you can either do javac and then java InstallCert, or since java 11, you can do java --source 11 directly), and press 1 when asked for input. This will add your localhost as a trusted keystore and generate a file called jssecacerts. It will throw an exception because your certificate is not yet in the store.
  3. Run again to verify that the certificate is now added to the store: the connection should be OK and there should be no exceptions.
  4. Copy the generated jssecacerts file to your $MPS_HOME/jbr/lib/security folder.

Credits for the fix go to this blog post by mkyong:

If you are still here, the following is an explanation of why you had to do what you had to do: the issue is that the REST communication API used in Modelix (JAX-RS) doesn’t use the standard /lib/security/cacert store, but rather the /lib/security/jssacert store to make custom certificates work when connecting Modelix MPS client plugin with a Modelix model repository that is served on a web-server with a custom SSL certificate. Therefore, the standard way of importing into cacerts will not work.

Leave a Comment