如何让 PyC​​harm 接受我的自签名 SSL 证书？

Question

I need PyCharm (2019.1, on macOS High Sierra) to accept my self-signed SSL certificate when connecting to a remote secure Jupyter notebook server. ( https://jupyter-notebook.readthedocs.io/en/latest/public_server.html )

I've tried

1. Add the certificate file to Preferences/Tools/Server Certificates.

2. keytool -import -alias cacerts -file jupytercert.pem (I think that will probably allow the JRE that PyCharm relies on to accept the certificate)

Neither resolves the problem. When attempting a connection, an error prompts:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

PS The certificate was generated using: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout jupyterkey.key -out jupytercert.pem

Answer 1

I had the same issue on Ubuntu, using the snap installation method.

I was able to fix the issue by first adding the custom certificate to my local java keystore with:

sudo keytool -import -trustcacerts -keystore /etc/ssl/certs/java/cacerts \
   -storepass changeit -noprompt -file path/to/my/certificate.crt  -alias my_cert_alias

Then I had to override the keystore used by pycharm in the snap using my local keystore. I could do that with a mount, as suggested in https://askubuntu.com/a/1036611/143257 :

sudo mount --bind -o nodev,ro /etc/ssl/certs/java/cacerts \
    /snap/pycharm-professional/136/jre64/lib/security/cacerts

May there be a bug on Pycharm 2019, where the certificates for jupyter notebook access are not checked through the "Preferences/Tools/Server Certificates" filter?

My suggestion to you would be to find where does pycharm store its keystore on macOS and add the custom certificate there.