SSL TLS with local or private PKI

If you connect to your Git server through HTTPS, you might rely on a local or private PKI. In this case, you can make it work using one of these two solutions:

• Import your certificate into Archi's JRE (Java Runtime)
• Make Archi use your OS's certificate

Import your certificate into Archi's JRE (Java Runtime)

If some of your models rely on SSL/TLS certificates, you have can add them to the Archi\jre\lib\security\cacerts:

1. Open a Windows command shell (you can use the WIN R keyboard shortcut to open the "Run" box, enter cmd and press Enter)
2. Go the the Archi\jre\bin folder
3. Enter the following command: .\keytool -keystore ..\lib\security\cacerts -importcert -alias <alias> -file <certificate_filename>, where <alias> is a short description of the certificate to be added, and <certificate_filename>is the full path to the certificate.
4. Type the password for the keystore at the “Password” prompt and press Enter. The default Java password for the cacerts file is “changeit”.

Be sure to import all of the certificates in the certificate chain, including root and intermediate certificates.

Make Archi use your OS's certificate

On Windows, you need to add the following parameters in the Archi.ini file so that the JRE will use the specified Certificate Manager:

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT

On Mac, if you are using the Apple JCA Provider (should be the case) then set it to KeychainStore, i.e.

-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=KeychainStore