Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Contributor

My obsession with this new way of hitting the PI server using servlets took new turn when a brilliant colleague of mine wanted me to program a way to get target root certificate without having to ask them for or without running a command on your cloud which is harder to access.

And now get the target server root certificates without getting your local IP white-listed ,in the comfort of your own browser, through PI server. (Of course, your server should be able to access the target)

It takes the URL as a query parameter  and will print out the full chain of certificates and also write the root certificate which you can trust in your keystore  in. CER format

Here is  a sample for google


Scroll down to get  X509 Certificate as .CER:


Here is the snippet which does the job for you.

To build the servlet you can always refer to SICF on Pi/PO

To enable logging you can refer to  Logging Incoming Requests
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String url = request.getParameter("url");
final String LINE_SEPARATOR = System.getProperty("line.separator");

HttpsURLConnection connection = (HttpsURLConnection) new URL(null,url,new;

Certificate[] certs = connection.getServerCertificates();
for (Certificate cert : certs) {

response.getWriter().append("Certificate is : " + cert);

if (certs == null || certs.length == 0 || (!(certs[0] instanceof X509Certificate))) {
throw new SSLPeerUnverifiedException("No server's end-entity certificate");

X509Certificate x509cert = ((X509Certificate) certs[0]);

Base64.Encoder encoder = Base64.getMimeEncoder(64, LINE_SEPARATOR.getBytes());
String cert_begin = "-----BEGIN CERTIFICATE-----\n";
String end_cert = "\n-----END CERTIFICATE-----";

byte[] derCert = x509cert.getEncoded();

String pemCertPre = new String(encoder.encode(derCert));
String pemCert = cert_begin + pemCertPre + end_cert;

response.getWriter().append("X509 Certificate in encoded form : \n").append(pemCert);

} catch (Exception e) {
// TODO Auto-generated catch block
response.getWriter().append("Exception occured : ").append(e.getMessage() +" :");




if the below snippet shows error, on the underlined part , you need to set the access restrictions to Warning as shown in the next picture.


The import section:


This code was tested by my colleague and for him the formatting did not render properly on Microsoft edge but worked on Firefox and Chrome.

Disclaimer : We are not having this for productive use and so should you.



Labels in this area