Fail to load GeoJSON via HTTPS

I have GeoJSON on another (local) server and I load it via HTTP, but when I try to load it via HTTPS it fails with “Failed to parse server certificates”. When I open the same URL in a web browser, it displays the raw JSON data normally.

Now I also tried modifying Metabase to run under HTTPS, but the problem is the same.
The certificates for both Metabase and the other server come from the same issuer (but for a different subject), is that a problem?

Hi @CZvacko
Sounds like your certificates are not set up correctly on your webserver.

Hi, do you mean the web server with the GeoJSON file? This is used by many users and no one has reported a problem. How do I debug it?

@CZvacko Yes, and the webserver which you used for Metabase:
https://observatory.mozilla.org/ - https://www.ssllabs.com/ssltest/

Also, post “Diagnostic Info” from Admin > Troubleshooting.

Hi, both servers are only accessible from the intranet, so I can’t perform the tests you mentioned. Diag info is below

{
  "browser-info": {
    "language": "cs-CZ",
    "platform": "Win32",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.106 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "Java™ SE Runtime Environment",
    "java.runtime.version": "1.8.0_261-b12",
    "java.vendor": "Oracle Corporation",
    "java.vendor.url": "http://java.oracle.com/",
    "java.version": "1.8.0_261",
    "java.vm.name": "Java HotSpot™ 64-Bit Server VM",
    "java.vm.version": "25.261-b12",
    "os.name": "Windows Server 2019",
    "os.version": "10.0",
    "user.language": "en",
    "user.timezone": "Europe/Paris"
  },
  "metabase-info": {
    "databases": [
      "h2",
      "sqlserver",
      "oracle",
      "mysql"
    ],
    "hosting-env": "unknown",
    "application-database": "mysql",
    "application-database-details": {
      "database": {
        "name": "MariaDB",
        "version": "10.4.12-MariaDB"
      },
      "jdbc-driver": {
        "name": "MariaDB Connector/J",
        "version": "2.5.1"
      }
    },
    "run-mode": "prod",
    "version": {
      "tag": "v0.36.1",
      "date": "2020-07-30",
      "branch": "release-0.36.x",
      "hash": "55312e4"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

@CZvacko You need to use valid certificates. So if you’re using self-signed certificates, then you need to add them to the TrustStore, so Java can validate them.
https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client
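
An added example, not written by anyone in this thread and not Metabase code: a small Java program that checks, from the JVM's point of view, whether a server's certificate chain validates against one CA certificate file, using an in-memory truststore so the default `cacerts` is left untouched. The class name `TrustCheck`, the host name and the certificate file name are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example. Usage (hypothetical names):
//   java TrustCheck geojson.example.internal 443 issuer-ca.cer
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // CertificateFactory reads X.509 in DER or Base64 (PEM) form; other
        // file types (e.g. a PKCS#12 bundle) raise a CertificateException here.
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[2])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Candidate trust anchor: " + ca.getSubjectX500Principal());

        // Empty in-memory truststore that holds only the candidate certificate.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        ts.setCertificateEntry("candidate", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // startHandshake() throws SSLHandshakeException when the chain sent by
        // the server cannot be built to the anchor or the host name mismatches.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify host name as HTTPS clients do
            s.setSSLParameters(p);
            s.startHandshake();
            for (Certificate c : s.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
            System.out.println("Handshake OK: chain validates against the candidate anchor");
        }
    }
}
```

The printed subject/issuer pairs show exactly which certificates the server sends, which is the information the public scanners linked earlier would otherwise provide for an internet-facing host.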

“add them to the TrustStore” - it’s easy to say, but hard to do…
I tried everything, with keytool it failed with an “input not an x.509 certificate” message.
And with KeyStore Explorer it imported successfully, but then Metabase was unable to start, with “java.io.IOException: Invalid keystore format”
:roll_eyes: :roll_eyes:

@CZvacko I don’t know which certificate format you’re using or what you’re trying to save as. But self-signed certificates are just a pain to deal with, and make everything a lot more complicated - especially with how Java handles certificates. I never said it was easy, but you’ll find much better help in Java-specific forums, since it’s not really specific to Metabase.

“not really specific to Metabase” - guess what, I was pending with the update to v0.37, now I did it, and voilà, now it works (without adding the other server’s certificate into the TrustStore)
:exploding_head: