Problems the user sees¶
- When installing Squish AI Assistant (an extension of the Squish IDE), the installation ultimately fails after accepting the end user license agreement. A dialog titled Cannot install the selected AI Assistant package appears, displaying the following error message:
Message: Error installing the AI Assistant feature
java.lang.reflect.InvocationTargetException: Submission of ToS approval failed
[...]
Caused by: java.io.IOException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[...]
- When configuring a Test Center connection in the Squish IDE (Squish Test Center view → Configure Squish Test Centers), adding a new connection fails even if the entered server URL and user login credentials are valid. The following error message appears in the header of the Test Center configuration wizard:
Validating the SSL certificate of Squish Test Center at https://testcenter.example.com failed: sun.security.provider.certpath.SunCertPathBuilderException
Possible cause¶
- A self-signed SSL/TLS certificate used by HTTPS web proxy (configured system-wide)
- A self-signed SSL/TLS certificate used by Test Center server at the given HTTPS URL (Test Center configuration only)
The SSL/TLS implementation used for HTTPS network access in the Squish IDE shows errors listed above when it fails to verify a self-signed SSL/TLS certificate, because such certificate is not signed by a recognized certification authority (CA).
Solution¶
If you trust the HTTPS server/proxy, you may manually import its SSL/TLS certificate into the appropriate certificate store so that applications can validate the HTTPS connection without warnings or failures. For Java applications, this certificate store is a part of their Java Runtime Environment (JRE).
The Squish IDE is a Java application that comes with its own JRE. It is therefore necessary to locate the JRE certificate store inside the Squish installation folder and import the self-signed SSL/TLS certificate into it. An SSL/TLS certificate is usually a file with .pem, .crt, .p12 or .pfx extension; if you don't have it at hand, contact your IT department.
To import the SSL/TLS certificate into the Squish IDE's JRE certificate store so that it is seen and trusted by the IDE, descend into the folder
with Java keytool executable:
<SQUISH_DIR>/bin/ide/plugins/org.eclipse.justj.openjdk/jre/bin(Windows/Linux)<SQUISH_DIR>/bin/ide/squishide.app/Contents/Eclipse/plugins/org.eclipse.justj.openjdk*/jre/bin(macOS)
Once in the folder, execute the following sequence of commands in a terminal or command-line:
# use JRE keytool to import the self-signed certificate (file: my_cert.pem)
./keytool -importcert -trustcacerts -cacerts -file /path/to/my_cert.pem -alias myCustomAlias
# verify import succeeded: list certificates with the given alias in Squish IDE's JRE keystore
./keytool -list -keystore ../../jre/lib/security/cacerts -alias myCustomAlias