Please Add Trust for Let's Encrypt! Signed Certs

I setup a few devices on my local network that I was integrating into HE. These devices use HTTPS and I installed a Let's Encrypt! signed cert. Unfortunately HE doesn't have their root CA cert in the truststore so I get:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Seeing as how these are trusted by every major browser these days, could they be added to HE?

2 Likes

I’m away at the moment and can’t do the research to back my gut feeling, but it doesn’t sound right. I have created my own CA, like a zillion techies, and it certainly is NOT known by any browser in the known universe. Yet adding my generated Cert & key was all I needed to do. I was quite willing to append my root and intermediate certs, but it wasn’t needed. I had to add the root+ intermediate to my browsers and systems to get everything perfect, of course.

The browser should ask the hub for your cert and then find the chain in your system/browser. If not, yes it goes back to the hub to get the remainder.

When I return if there’s not a better answer here I’ll get some research to explain my hypothesis

I’m referring to connecting to an http server such as through a web request in RM or an httpGet call in groovy. Not installing a cert on the hub which you’re right works fine.

If you call httpGet to a server using let’s encrypt it fails unless you set the ignore ssl errors flag.

2 Likes

Any update on getting this working>