Category: Configuration
Updated

2023-09-21

How do I export the custom CA certificate?

Issue

When using HTTPS with a custom CA certificate, users need to add this certificate in Appsmith as trusted by adding it to the ca-certs folder. If you don't have the certificate, then this article explains how you can export it from Chrome. 

Typically, if the CA certificate is not added as trusted, the following error is returned in the server logs:

org.springframework.web.reactive.function.client.WebClientRequestException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
	at org.springframework.web.reactive.function.client.ExchangeFunctions$DefaultExchangeFunction.lambda$wrapException$9(ExchangeFunctions.java:136)

Resolution

To export the certificate, please follow the below steps:

  1. Navigate to https://www.appsmith.com/.   
     
  2. Click on the lock symbol, then on Connection is secure. 
connection is secure
  1. Click on Certificate is valid
certificate is valid
  1. You can see the type of certificate you are using in the General tab. 
certificate type
  1. In the Details tab, click the Export button to download the certificate.
Select the root CA and export
  1. If the exported certificate does not have a .crt extension, please rename it accordingly.
  2. Save the exported certificate to the ca-certs folder by following this guide on installing custom CA root certificates