Mirth (NextGen) Connect Bits #5: Adding SSL Certificate To Resolve HTTPS Sender Issues
One common issue with Mirth (NextGen) Connect is calling 3rd party API via HTTPS, unfortunately, there’s a chance that you’ll get an error like the one below. To resolve this, you need to add the web API’s SSL certificate in your Java KeyStore for Mirth to use.
There are a couple of ways on how to resolve this.
- Using the official Mirth (NextGen) Connect SSL Management extension – https://www.nextgen.com/products-and-services/integration-engine
- Using 3rd party commercialize SSL manager like Zen Healthcare IT SSL management extension – https://consultzen.com/zen-ssl-extension/
- Add the SSL certificates directly in the Java CA keystore on your own using tools like KeyStore Explorer or via terminal.
Using KeyStore Explorer
On my end, I’ll be using KeyStore Explorer which is a free and open-source application that allows you to manage your certificates with a friendly GUI. I previously use Portecle but it hasn’t been updated.
Step 1:
Download and install KeyStore Explorer
Step 2:
Get the CA Certificate of the 3rd party API you want to connect to or call to. This will be imported to the Java Keystore. You can get it directly from the website API’s lock icon in the web browser.
Click on the “Copy to File…” button.
The Certificate Export Wizard will show up.
You can try both the two .CER format. But the first one should work already.
Choose the file path and file name where to export.
Hit “Finish” to complete the process.
Take note of the file location. This is the certificate file that will be imported in the Java KeyStore.
Step 3:
Open the Application, make sure to open it as an admin or root access.
Step 4:
Check if your default CA Certificate KeyStore is pointed to your Java path. You can find it under Toos->Preferences.
Here’s the “Preferences” window. You should see the default path where the Java CA KeyStore is.
Step 5:
Got back to the main page of the application and click the icon of the “Open the CA Certificates KeyStore”. If you are prompted with a password, the default is “changeit“.
This will show the list of certificates including their statuses, expiry date, etc… You can import a trusted certificate by hitting the icon shown below.
Find your file and set an alias. Make sure to hit the “Save” button.
Restart the Mirth (Nextgen) Connect service and try out the API calls.
For more Mirth Connect related blog posts, check out the Mirth (NextGen) Bits tag or Health IT page. Feel free to leave a comment or feedback.