Crawling via HTTPs Using Settings.xml

The following steps describe how to import a certificate through a distribution's settings.xml file (<distribution_path> /config/settings.xml)

1. Access URL with the browser and download a copy of the certificate.
2. Create a folder on Aspire for the certificate. For example: data\ssl\certName.cer
3. Run %JAVA_HOME%\bin\keytool -import -alias ibm -file data\ssl\certIBM.cer -keystore data\ssl\mykeyStore.ks. 
   1. On step 3, the keytool program can be found on the bin folder under the Java installation path.
      
      

   If several connect sources are using secure repositories (https), it's necessary to repeat the previous steps for each one, but keeping the same keystore file. So this file will contain all different certificates.

   To import multiple certificates (for different connectors) use -alias parameter in step 3

4. Add the following section into your distribution settings.xml file.
   
   

   <trustore>
       <keystorefile><distribution_path>data\ssl\mykeyStore.ks</keystorefile>
       <password>admin123</password>
   </trustore>

5. Now, open the connect source that requires the certificate, open the Advance Connector Properties, and clear the Trust All Certificates option.

6. Save the changes and start the crawling.
   
   

   Important Note (known limitation):

   If you set a wrong path or password, you will receive an SSL exception (the trustAnchors parameter must be non-empty) and the crawl will not start. However, if you change the values to the correct path or password and try again, you will receive the exception again.The problem is that these are global settings – so everything running in your JVM must use that truststore. You can't alter those system properties during runtime and expect the changes to take effect. Once you ask the JVM to make a secure connection, the system property values appear to be cached in the JVM and are used thereafter for the life of the JVM. Therefore, you must restart Aspire for the changes to take effect.