With Hybrid Access Gateway 5.12 a new feature was introduced for the notification plugins. The purpose was to implement support for TLS (Transport Layer Security) as this was previously not supported.
As a consequence of this, some additional configuration is required. For proper TLS functionality the remote certificate (presented by the Notification server, for example, SMS gateway) must be trusted by Hybrid Access Gateway. The Hybrid Access Gateway trust is built up from scratch and there are no default trusts in a new system. Therefore all trusted Certificate Authorities and certificates must be explicitly trusted.
The certificate of the Certificate Authority must be obtained. This can be done in several different ways and is not covered by these instructions. The certificate should be in PEM format.
Log in to Hybrid Access Gateway administration interface
Log in to the Hybrid Access Gateway administration interface with your admin user.
Add Certificate Authority (CA)
Go to Add certificates and follow the instructions under heading "Add certificate authority".
When finished, click Publish.
If there are problems with the certificate the logs will show messages like this when sending a notification:
WARNING “Failed to send SMS via channel SMS Notification, IO Error/sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target/PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target/unable to find valid certification path to requested target"
WARNING "Failed to send SMS via any configured channel."
If this is the case, verify that the uploaded certificate is the correct one and that it corresponds to the SMS service.