VERIFIED SOLUTION i

How do I enable PSS connectivity from Miner with HTTPS enabled?

Product Feature: Integration with Dialogue

Operating System: Not stated

 
When Portrait Explorer has been configured to run with HTTPS, trying to publish a dataset from Miner to Explorer (via the PSS) fails with the following error:

Failed to access the WSDL at: https://myserver.mycompany.org/PortraitSharedServices/AnalyticsServices.svc?wsdl.
It failed with: [exec] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.


How can this issue be resolved?


Here are the steps that need to be done to enable the PSS connector within Portrait Miner to work when HTTPS is enabled on the PSS services:
 
  • If using a custom SSL certificate, this certificate needs to be made available to the Miner private JRE – use the following method:
    • Copy the InstallCert.jar file to a temporary directory on the Miner server (e.g. C:\temp)
    • Open a command prompt and navigate to the Miner JRE bin directory e.g. (cd “C:\PortraitMiner\server\jre\win64\1.6.0_21\bin”)
    • Run the command “java.exe –cp C:\temp\InstallCert.jar com.aw.ad.util.InstallCert < server name>”
      • NOTE: The server name should be the same as the one that the certificate is for and should be fully qualified e.g. if the certificate is for “myserver.mydomain.com” then that’s what you use in place of <server name>. This is not necessarily the same as the machine name.
    • Import the certificate by choosing the appropriate certificate number from the list displayed and pressing enter (repeat the process for each required certificate to import
    • There should now be a file called jssecerts in the bin directory, replace the existing cacerts file in the C:\PortraitMiner\server\jre\win64\1.6.0_21\lib\security directory with this jssecerts file.
  • Ensure the all of the metadata exchange endpoints are uncommented in the PSS Web.config file and are configured to use HTTPS e.g.:

            <!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
            <!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  • Change the Portrait.Mas.Cms.Services.GenericUnityServiceBehavior definition in the PSS Web.config file to allow https GET requests :

       <behaviors>
          <serviceBehaviors>
            <behavior name="Portrait.Mas.Cms.Services.GenericUnityServiceBehavior">
              <!-- To avoid disclosing metadata information,   set the value below to false and remove the metadata endpoints above before deployment -->
              <serviceMetadata httpsGetEnabled="True" />
 
 
 A copy of the InstallCert.jar file as a ZIP archive is attached to this article.
UPDATED:  September 4, 2017