If you configured your XL Deploy server to use a self-signed certificate (this is fine for development and testing environments, but for production use a properly signed certificate is recommended!), you will notice that trying to connect with a "vanilla" CLI configuration will fail:
Exception in thread "main" java.lang.IllegalStateException: Could not contact the server at https://127.0.0.1:4517/deployit
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath
BuilderException: unable to find valid certification path to requested target
In order to get the CLI to trust the server's certificate, you will need to configure a truststore for the CLI. Usually, you don't want to modify the JRE's global truststore for this purpose, so we'll describe here how to create a dedicated truststore for your CLI:
Exporting the server certificate
Export the server’s self-signed cert, from SERVER_HOME/conf:
keytool -export -keystore keystore.jks -alias jetty -file XLDeployServerCert.cer
See here for more information on the keytool utility.
Importing the certificate as a trusted cert
Import the certificate as a trusted cert into a separate truststore for the CLI, so you don't have to mess with the JRE’s global truststore:
keytool -import -alias XLDeployServerCert -file XLDeployServerCert.cer -keystore myCliTruststore.jks
Moving the truststore to the CLI installation
Move myCliTruststore.jks from SERVER_HOME/conf to CLI_HOME/conf.
Configuring the CLI to use the truststore
Set the CLI options (or, equivalently, change CLI_HOME/bin/cli.sh or cli.cmd) to use the truststore. Use the password specified when creating the truststore in the step above:
set DEPLOYIT_CLI_OPTS=-Xmx512m -XX:MaxPermSize=256m -Djavax.net.ssl.trustStore=conf/myCliTruststore.jks -Djavax.net.ssl.trustStorePassword=secret
Starting the CLI
You can now start the CLI. Ensure that the hostname you use is the hostname that’s listed in the certificate:
C:...\xl-deploy-4.5.1-cli>bin\cli.cmd -secure -host localhost
Welcome to the XL Deploy Jython CLI!
Type 'help' to learn about the objects you can use to interact with XL Deploy.