It is possible to encounter SSL handshake issues when trying to install market artifacts in the Axon Ivy Designer. These issues are commonly related to SSL certificate errors. One such error may look like this:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What’s the Problem?
This error typically occurs when the SSL certificate for a server, such as maven.axonivy.com
or market.axonivy.com
, is altered or replaced by your company's internal security measures, such as firewalls, proxies or other security tools. As a result, the Java Runtime Environment (JRE) in the Axon Ivy Designer does not recognize the modified certificate, causing an SSL handshake failure when trying to establish a secure connection.
Solution
To resolve this issue, the SSL certificate of the affected server needs to be manually imported into the Designer's JRE. This allows the JRE to trust the modified certificate and complete the handshake successfully.
Here’s how to do it:
Step 1: Download the Certificate
- Open the URL (
maven.axonivy.com
and market.axonivy.com
) in a web browser.
- Download the SSL certificate of the website (the exact steps may vary depending on your browser):
- Click on the padlock icon in the browser’s address bar.
- Choose "Connection is Secure" → "Certificate" → "Export" or "Download".
- Save the certificate as a
.crt
or .pem
file.
Step 2: Import the Certificate
- Use the
keytool
utility, which comes bundled with the JRE in Axon Ivy Designer, to import the downloaded certificate.
- Run the following command in your terminal or command prompt:
path_to_designer/jre/bin/keytool -import -alias mycertificate -keystore path_to_designer/jre/lib/security/cacerts -file certificate_file
Replace the placeholders with:
path_to_designer
with the location of your Axon Ivy Designer directory (e.g., C:/AxonIvyDesigner12.0.2.2501081428_Windows_x64/
).
certificate_file
with the path to the certificate you downloaded (e.g., C:/Downloads/maven-axonivy.crt
).
mycertificate
with a name of your choice to identify this certificate (e.g., mavenAxonIvy
).
Step 3: Restart the Designer
- After importing the certificate, restart the Axon Ivy Designer to ensure the changes take effect.
By following these steps, the SSL handshake error should be resolved and you should be able to install market artifacts without further issues.