Page Comparison

If you're seeing errors in the weave.log file like:

...

PKIX exception output

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

...

To have Weave ignore the certificates you have to set a system property called weave.ignoretls, this property should be set to a comma separated list of host name that should have their certificates automatically accepted, to accept a group of hosts you can use an * in the name.

...

Setting the property to ignore a group of internal servers and one external server

-Dweave.ignoretls=*.internal.mycompany.com,maps.theircompany.com

...

...

...

...

Step-by-step guide

1. Download and install the Portecle application onto the server that runs Weave. For this example we'll download the portecle.zip file and assume it's been unzipped into the c:\temp directory (the current version of Portecle at the time of writing is 1.11, which is included in the paths within the .zip file).
   
   

2. Start the Portecle application in the same way you'd start a Weave updater. You may be able to double click on the portecle.jar file but if that doesn't work you'll need open a command prompt and start it manually, e.g. assuming Weave is installed at c:\weave\ and Portecle has been extracted to c:\temp\portecle-1.11\ you can open cmd.exe and run java.exe with the -jar option and the path to the portecle.jar file

   Code Block

...

1. C:\Users\sforbes> c:\weave\jre\bin\java.exe -jar c:\temp\portecle-1.11\portecle.jar

   
   
   

2. Select the 

...

1. Examine menu and then click

...

1.  Examine SSL/TLS Connection:

...

1. ---

   Image Added

   
   
   

2. Enter the SSL Host and Port of the target system. In this example we're looking at google.com but it'll likely be the name of your ArcGIS Server host, the weave.log file should provide the information just before the PKIX exception (note that if the information in the log does not report a port number then it's is probably 443):
   

...

1. 
   

   ---

   Image Added

   
   
   

2. Wait for it to load, then select the public certificate and click on PEM (you will likely only have a single certificate to choose from, but this screen shot shows two available):

...

1. ---

   Image Added

   
   
   

2. Export the certificate and save it to a file.
   
   

3. Go back to the main screen and select the Open an existing keystore from disk

...

1.  option, and select the cacerts file from the Weave Java runtime (the default password is changeit), for example C:\weave\jre\lib\security\cacerts:

...

1. ---

   Image Added

   
   
   

2. Select the Import a trusted certificate into the loaded keystore

...

1.  button:

...

1. ---

   Image Added

2. Select the certificate that was saved in Step 6 and confirm that you trust it, giving it an appropriate alias and verifying that it should be added:

...

1. ---

   Image Added

2. Save the Key Store to disk:

...

1. ---

   Image Added

2. Restart Weave and verify that the external service can now be connected to.

Related articles

Connecting to SSL services

Unable to Connect to SSL Services due to PKIX Path Building Failed