Crawling via HTTPs using Settings.xml

The following steps describe how to import a certificate through distribution's settings.xml file (<distribution_path> /config/settings.xml)

1. Access URL with the browser and download a copy of the certificate.
2. Create folder on Aspire for the certificate. For example: data\ssl\certName.cer
3. Run %JAVA_HOME%\bin\keytool -import -alias ibm -file data\ssl\certIBM.cer -keystore data\ssl\mykeyStore.ks. 
   1. On step 3, keytool program can be found on bin folder under Java installation path.
      
      

   If several connect sources are using secure repositories (https), it's necessary to repeat the previous steps for each one, but keeping the same keystore file. So this file will contain all different certificates.

   To import multiple certificates (for different connectors) use -alias parameter in step 3

4. Now add the following section into your distribution settings.xml file.
   
   

   <trustore>
       <keystorefile><distribution_path>data\ssl\mykeyStore.ks</keystorefile>
       <password>admin123</password>
   </trustore>

5. Now, open the connect source that requires the certificate, open the Advance Connector Properties, and Un-Select Trust All Certificates option.

6. Save the changes and start the crawling.
   
   

   Important Note (known limitation):

     If you set a wrong path or password you will receive a SSL exception (the trustAnchors parameter must be non-empty) and the crawl will not start, but if you change the values by the correct path or password and try again you will receive the exception again. The problem is that these are global settings so everything running in your JVM must use that truststore. You can't alter those system properties during runtime and expect those changes to take effect. Once you ask the JVM to make a secure connection, those system property values appear to be cached in the JVM and are used thereafter for the life of the JVM. So, you need to restart Aspire to the changes take effect.