Issue
When using HTTPS with a custom CA certificate, users need to add this certificate in Appsmith as trusted by adding it to the ca-certs
folder. If you don't have the certificate, then this article explains how you can export it from Chrome.
Typically, if the CA certificate is not added as trusted, the following error is returned in the server logs:
org.springframework.web.reactive.function.client.WebClientRequestException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
at org.springframework.web.reactive.function.client.ExchangeFunctions$DefaultExchangeFunction.lambda$wrapException$9(ExchangeFunctions.java:136)
Resolution
To export the certificate, please follow the below steps:
- Navigate to https://www.appsmith.com/.
- Click on the lock symbol, then on Connection is secure.
- Click on Certificate is valid.
- You can see the type of certificate you are using in the General tab.
- In the Details tab, click the Export button to download the certificate.
- If the exported certificate does not have a
.crt
extension, please rename it accordingly. - Save the exported certificate to the
ca-certs
folder by following this guide on installing custom CA root certificates.