Enable SSL for ARIS download client

Even with valid certificates (that contain the correct server and domain name) purchased from a reliable certificate authority (CA), it may occur that the corresponding root certificate is not available in the JRE currently being used. As a consequence, the JRE is unable to validate the certificate and thus considers it as unknown in the same way it does with certificates that were created internally. This is why you must add the certificate to the certificate store of the JRE in use.

If ARIS download client is started using an ARIS downloader JAR file but not the Java applet, you can easily roll out an enhanced cacerts file. Just place it into the JRE installation path on the machine were the ARIS server is installed.

  1. To roll out the certificate for ARIS download client, open your file browser and navigate to the JRE installation path, for example, c:\Program Files (x86)\java\jre\bin. This directory contains the keytool.exe file.

  2. To update the required certs file located in the <JRE installation path>\lib\security directory, open a Windows command prompt in this directory and run the command:

    keytool.exe -importcert -file <pathToCertFile> -alias <certificateAlias> -keystore <ARIS installation path>client\jre\lib\security\cacerts -storepass <keystorePassword>

    Replace all <placeholders> with the proper value. Aside from those mentioned above:

    • <certificateAlias>

      This placeholder represents a name you give to your certificate. Name it in a way that you can easily identify your certificate from the selection in the cacerts keystore.

    • <keystorePassword>

      This placeholder represents the password to the cacerts keystore. Do not use a different password as the default value changeit.

  3. Copy the cacerts file, that was changed (<JRE installation path>\lib\security), into the on this location:

    <ARIS installation path>\server\bin\work\work_abs_<s|m|l>\base\webapps\abs\downloadClient\config

    If users start ARIS download client using an ARIS downloader JAR file, this cacerts file is downloaded and used.

Users must restart their ARIS download client. Sometimes users are required to restart their browsers. This forces Java to re-read the cacerts keystore.