Jalview connectivity issue

jeevan.durai · 30 April 2026 13:21

we could see ssl handshake error. To overcome this, we would need your input how to make use of our root certificate in Jalview configuration.

IF in case above solution does not works, Please help us with solution to manage the ssl exception

ben_soares · 30 April 2026 14:38

Hi Jeevan,

We’ve spoken about this particular problem before, and it is similar to the recent discussion Error download Jalview (Mac).

The difficulty of being in an intranet that intercepts HTTPS (and essentially performs a man-in-the-middle change of certificates) is difficult for us to build a generic solution into Jalview.

I believe there are three options:

Turn off the HTTPS interception, or use Jalview outside of the intranet.
I’m guessing this is probably not an option for you.
Use a pre-adapted IT supplied Java 8 JRE which has the intranet CA certificates already bundled.
Whilst browsers with the added CA certificates are probably supplied, I imagine a JRE is unlikely to be.
Add the required CA certificates to the JRE bundled with Jalview.
This is quite technical.

A summary of what you need to do for 3:

Locate the CA certificates keystore file of your Jalview bundled JRE.
On a mac, this will most likely be
/Applications/Jalview.app/Contents/Resources/app/jre/Contents/Home/lib/security/cacerts
On Linux or Windows, it will be the installation folder followed by
.../jre/lib/security/cacerts
Download your required CA certificates. The format might be one of several different certificate or key/certificate formats.
Add the CA certificates to the cacerts keystore file using the Java keytool command. The exact command to use will depend on the format of your certificates, but if they are in DER format, then you can do something like (changing path/to/cacerts, my_alias and ca_certificate.der:

keytool -import -trustcacerts -keystore path/to/cacerts -storepass changeit -alias my_alias -file ca_certificate.der

If you need to convert your certificate from one format to another, you can use openssl but you’ll need to google for the exact incantation required (openssl has way too many options for me to second guess it here)!

I hope this helps you progress further.
Ben

ben_soares · 30 April 2026 15:14

Here are a couple of links to pages that might be helpful:

https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store (scroll down to the “Java” section)
https://stackoverflow.com/questions/2138940/import-pem-into-java-key-store