running apex tests: unable to find valid certification path to requested target

[Eric Kintzer]

Getting this error: unable to find valid certification path to requested target when selecting a test configuration and clicking RUN (green arrow)

Oddly, I can edit/save apex classes just fine to the org but not run them anymore

Log attached

Background

Today, Intellij/IC started popping up dialogs saying untrusted cert for 

* dl.google.com
* salesforce.com
* my.salesforce.com

all associated with ca.helix.goskope.com

IT told me to accept the cert requests which is how I was able to edit/save apex classes. But now I'm stuck and can't run any tests anymore.

[Scott]

Eric, this error is just happening in a REST call. I'm seeing the issue in both tests and Tooling API-based deployments. If there are deployments that are working (and I don't see any in the provided log), perhaps it's because the CLI is being used for deployment vs. direct API access.

The IDE can be configured to accept what would otherwise appear to be invalid SSL certificates that are issued when proxies/firewalls perform SSL certificate substitution. This is documented here in the user guide:

https://bitbucket.org/RoseSilverSoftware/illuminatedcloud/wiki/User_Guide/Configuring_the_IDE_to_Accept_Substitute_SSL_Certificates

For a small set of people, IDE configuration isn't sufficient and the IDE's host JRE must have the certificates imported into its keychain. That's also covered in the linked topic above toward the end.

One way or the other the IDE/JRE is either going to have to be configured to accept these otherwise invalid certificates, or there will need to be exceptions added to prevent SSL certificate substitution. Otherwise there's no way to detect/avoid a potential man-in-the-middle attack when IC2 tries to communicate with the Salesforce servers via the published APIs.

Regards,

Scott Wells