ServiceDesk Plus adopts custom trust store to support untrusted SSL certificates and self-signed certificates.
Earlier, whenever ServiceDesk Plus tries to connect with an external server, the authenticity of the server will be validated using the certificate stored in the default truststore (cacerts) and if the certificate is not authorized, the connection will not be established. Now with custom truststore, if the certificate is not authorized, the administrator can proceed to trust the certificate and establish connection.
While connecting ServiceDesk Plus with an external server, the application triggers a warning as shown in the below screenshot if the certificate is not authorized.
Warning Message in Analytics Plus
The administrator can proceed to trust the certificate. Then, ServiceDesk Plus will create a custom truststore and store the security certificate provided by the server.
After storing the certificate in the custom truststore, the authenticity of the external server is verified and connection is established.
If an external server certificate is changed, the truststore should be updated in order to avoid PKIX-Path-Build connection failure.
If the details used for establishing connection is modified after creating the custom truststore, the certificate stored in the custom truststore will be removed and the authenticity will be verified again.
While saving the mail server settings, the application triggers PKIX_PATH_BUILDING_FAILED warning if the certificate provided by the mail server is not trusted.
To save the mail server settings, the administrator can proceed to trust the certificates for the listed servers in the mail configuration. Custom truststores are created separately for each mail configuration.
If the trusted certificate of mail server is changed, the corresponding mail functionality (fetching/sending) is impacted. To overcome this, administrators have to trust the new certificate and save the mail server settings again to resume functionality.
