I setup a few devices on my local network that I was integrating into HE. These devices use HTTPS and I installed a Let's Encrypt! signed cert. Unfortunately HE doesn't have their root CA cert in the truststore so I get:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Seeing as how these are trusted by every major browser these days, could they be added to HE?
I’m away at the moment and can’t do the research to back my gut feeling, but it doesn’t sound right. I have created my own CA, like a zillion techies, and it certainly is NOT known by any browser in the known universe. Yet adding my generated Cert & key was all I needed to do. I was quite willing to append my root and intermediate certs, but it wasn’t needed. I had to add the root+ intermediate to my browsers and systems to get everything perfect, of course.
The browser should ask the hub for your cert and then find the chain in your system/browser. If not, yes it goes back to the hub to get the remainder.
When I return if there’s not a better answer here I’ll get some research to explain my hypothesis
I’m referring to connecting to an http server such as through a web request in RM or an httpGet call in groovy. Not installing a cert on the hub which you’re right works fine.
If you call httpGet to a server using let’s encrypt it fails unless you set the ignore ssl errors flag.