While trying to connect via HTTPS in XOG, you get an error similar to this one:

XOG failed: org.apache.commons.jelly.JellyTagException: null:x:x: <soap:invoke> Failed to send a SOAP message generated to 'https://example.com/niku/xog'.PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The HTTPS URL you are trying to connect to uses a certificate that is not signed by a Certification Authority that is included by default in Java (this is normally caused when using self-signed certificates, or certificates that are signed by your organization, not by a recognized Certification Authority).

Import the certificate and/or the Certification Authority certificate(s) into the Java keystore:

1. Stop the Clarity services.
2. Locate the "cacerts" keystore location in the Java installation folder (as you may have more than one Java installed, confirm that this is the one used by Clarity):
   Typically, this keystore is located:
   • $JAVA_HOME/lib/security/cacerts  (Linux)
   • %JAVA_HOME%\lib\security\cacerts  (Windows)
3. Import the certificate:
   
   1. keytool -import -trustcacerts -alias <certificate-alias> -file <path-to-your-certificate.cer> -keystore <path-to-your-cacerts-file>

      Example usage (adjust alias/paths to the values that apply in your environment):
      keytool -import -trustcacerts -alias mycertificate -file /tmp/MyCertificate.cer -keystore /your/clarity/java/folder/lib/security/cacerts  (Linux)
      keytool -import -trustcacerts -alias mycertificate -file C:\tmp\MyCertificate.cer -keystore C:\your\clarity\java\folder\lib\security\cacerts  (Windows)
      
      Note: You can use the alias of your choice, but each certificate must have a unique alias.
   2. When prompted "Enter keystore password:", enter the cacerts password (default password for keystores is "changeit").
   3. When prompted "Trust this certificate? [no]:", enter "yes".
   4. This imports the certificate into the keystore and displays the message: "Certificate was added to keystore".
4. Repeat for all the certificates you want to import (e.g.: Root CA, Intermediate CA, Leaf Certificate...).
5. Start the Clarity services.

Clarity XOG with HTTPS fails with error: "PKIX path building failed, unable to find valid certification path to requested target."