...
For importing data from an OPeNDAP server that communicates using SSL, the certificate of the server either has to be validated by a known certificate authority (preferred) or it has to be added and trusted in the certificate store truststore of your local Delft-FEWS installation.
To add a certificate to the local Delft-FEWS certificate storetruststore, first export the certificate file from the server using a browser, then import the certificate file into the certificate storetruststore.
- To export the certificate of a server using Firefox:
- Browse to the server URL.
- Left click on the certificate icon.
- Choose More Information -> Show Certificate -> Details -> Export
- Follow the on screen instructions.
...
To import the certificate file into the certificate store truststore use e.g. the following command on the command line:
| No Format |
|---|
G:\java\jre6\bin\keytool.exe -keystore G:\FEWS\client.keystoretruststore -import -alias aliasName -file fileName -trustcacerts |
where fileName is the pathname of the certificate file, aliasName is the alias to use for the certificate, G:\java\jre6\bin\keytool.exe is the pathname of the Java keytool.exe file (depends on your Java installation) and G:\FEWS is the path of the Delft-FEWS region home directory (depends on your Delft-FEWS installation). If the file client.keystore truststore does not exist, then the above command will create it. In that case the keytool will ask the user to enter a new password for the keystore truststore twice. Otherwise the keytool will ask the user to enter the password of the existing keystore truststore once. After entering the password, the keytool will display details of the server certificate, type 'yes' to trust the certificate. If the above procedure was successful, then the keytool will display "Certificate was added to keystore". The keystore truststore file called "client.keystoretruststore" in the Delft-FEWS region home directory is automatically read each time when Delft-FEWS starts, so Delft-FEWS may need to be restarted after the certificate has been added.
...