Select to view content in your preferred language

Private CA Certificate

923
3
Jump to solution
08-04-2022 04:02 AM
AlessandroValra
Frequent Contributor

Hi all, I'm facing a problem with an application that uses certificate with private certification authority.
I have an error when I try to instantiate a map with only basemap (no ESRI basemap but 1 service published on server where certificate is installed).

Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used

I tried to apply workaround at this LINK , but it still doesn't work.

Anyone has the same problem? Could you help me?

TIA
Alder

Tags (2)
0 Kudos
2 Solutions

Accepted Solutions
GuntherHeppner
Esri Contributor

@AlessandroValra 

If I understand you correctly, you are connecting to a service that uses a certificate with an unknown CA or it is a self-signed certificate? Can you confirm this? What error are you getting when loading the map?

There are several options for dealing with untrusted server certificates:
1. Configure the service with a certificate from a known CA.

2. You can have your application trust your service by configuring your app's network security config.

3. You can set a DefaultAuthenticationChallengeHandler which will prompt the user to trust/not trust the service.

4. You can set a SelfSignedCertificateListener to trust your service without prompting users.

 

View solution in original post

0 Kudos
AlessandroValra
Frequent Contributor

@GuntherHeppner , I applied your tip (4. You can set a SelfSignedCertificateListener to trust your service without prompting users) and it works 😉

Thank you again.

Alder

View solution in original post

0 Kudos
3 Replies
GuntherHeppner
Esri Contributor

@AlessandroValra 

If I understand you correctly, you are connecting to a service that uses a certificate with an unknown CA or it is a self-signed certificate? Can you confirm this? What error are you getting when loading the map?

There are several options for dealing with untrusted server certificates:
1. Configure the service with a certificate from a known CA.

2. You can have your application trust your service by configuring your app's network security config.

3. You can set a DefaultAuthenticationChallengeHandler which will prompt the user to trust/not trust the service.

4. You can set a SelfSignedCertificateListener to trust your service without prompting users.

 

0 Kudos
AlessandroValra
Frequent Contributor

@GuntherHeppner, thank you for your reply

We use a self-signed certificate. The error returned is "Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used"

TIA

Alder

0 Kudos
AlessandroValra
Frequent Contributor

@GuntherHeppner , I applied your tip (4. You can set a SelfSignedCertificateListener to trust your service without prompting users) and it works 😉

Thank you again.

Alder

0 Kudos