tag:infinitekind.tenderapp.com,2009-01-14:/discussions/moneydance-development/2231-error-connecting-to-an-https-url-via-a-proxyInfinite Kind: Discussion 2019-01-30T15:50:24Ztag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-29T03:43:56Z2018-10-29T03:48:49ZError connecting to an https URL via a proxy.<div><p>Kevin,</p>
<p>I think you have 3 options</p>
<ul>
<li>Get a non self-signed certificate. It is not that expensive anymore. For a free one, check <a href="https://letsencrypt.org/">https://letsencrypt.org/</a>. This probably is the best option and the "right" fix.</li>
<li>Or modify your code (at the point of making the httpclient call to allow self-signed certificate). Namely: com.moneyforesight.http.CommonsHttpClientFacade.executePost. Though you have some control here, you are limited to the HttpClient version that comes with MD.</li>
<li>Or import your self-certificate into the list of trusted CA. This probably is the most complicated one since you need to figure out how MD start the JVM to figure out which java command/tool (namedly keytool) to use.</li>
</ul></div>hleofxquotestag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-29T22:48:16Z2018-10-29T22:48:16ZError connecting to an https URL via a proxy.<div><p>Hi hleofxquotes,</p>
<p>Thanks for the advice. I'll look into those options.</p>
<p>Cheers,<br>
Kevin</p></div>Kevin Stembridgetag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-31T10:10:09Z2018-10-31T10:10:09ZError connecting to an https URL via a proxy.<div><p>Hi Kevin,<br>
I'd definitely second hleofxquotes' "let's encrypt" suggestion. Moneydance also keeps it's own set of CA certs, so it wouldn't be a good idea (or even possible, for signed app bundles) to change that list.</p>
<p>Thanks,</p>
<p>Sean Reilly<br>
Developer, The Infinite Kind<br>
<a href="http://infinitekind.com">http://infinitekind.com</a></p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-31T10:23:22Z2018-10-31T10:23:22ZError connecting to an https URL via a proxy.<div><p>Hi Sean,</p>
<p>Thanks for getting back to me.</p>
<p>If I remember correctly, letsencrypt certificates need to be renewed every few months. I guess I could build something into the extension that would retrieve the current certificate.</p>
<p>I'll have to give it some more thought.</p>
<p>Cheers,<br>
Kevin</p></div>Kevin Stembridgetag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-31T15:02:18Z2018-10-31T15:02:18ZError connecting to an https URL via a proxy.<div><p>Hi Kevin,</p>
<p>You do need to regenerate the certificate every 90 days (I think that's the current time interval) but you wouldn't need to include your certificate in the extension. The letsencrypt CA certificate is included with most https clients which is all the client would need.</p>
<p>Thanks,<br>
Sean</p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/463700412018-10-31T15:44:52Z2018-10-31T15:44:52ZError connecting to an https URL via a proxy.<div><p>ah, ok. Good to know.</p>
<p>Thanks very much.</p></div>Kevin Stembridge