Why am I getting an error while saving documents over HTTPS URL scheme?

I get an error while saving documents over HTTPS URL scheme. What am I doing wrong?

You will get save document error present over HTTPS URL scheme in any of the following cases:
  1. SSL Certificate of your saveurl does not match your registered domain name. Please check the authenticity of your SSL Certificate from the website: https://www.digicert.com/help/

  2. Your saveurl SSL Certificate is not part of either Mozilla's trusted certs or the latest JDK's certs supported by Zoho. List of supported Mozilla certs can be found in the certdata.txt file.

  3. There could also be SSL handshake error due to which the save may fail. It is either because of, the server certificate chain is incomplete or the Java's trust store doesn't trust the server's root certificate. In most of the cases, the server's certificate chain is incomplete. 

Reason for the issue:

When a client (browser) connects to a server, it needs to verify the certificate chain provided by the server to establish a secure connection (HTTPS). This is done using a list of trusted Certificate Authority (CA) certificates maintained in the browser. Similar to this, there is a cacerts file in the application's JDK (who acts as a client) consists of a list of trusted CA certificates. 

When Java cannot build the certificate chain of the server during handshake process either because of, the server certificate chain is incomplete or the cacerts file doesn't trust the server's certificate, "javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target." exception is thrown.

  1. For the domain example.com, the certificate chain is 'example.com' (Leaf or server certificate - issued by intermediate - sent by server) 
  2. Go Daddy Secure Certificate Authority - G2   (Intermediate certificate - issued by root - to be sent by server)
  3. Go Daddy Root Certificate Authority - G2   (Root certificate - self signed - in our JDK cacerts file)
Here, the server has not sent the intermediate certificates.

To fix the issue, you should correct the server's SSL certificate chain configurations, by reinstalling the server certificate and the intermediate certificates correctly.