Peter Marklund

Peter Marklund's Home

2015-07-13

Clojure on Heroku Gotcha - Missing SSL certificates and jdk-overlay to the rescue

In order to get my Clojure app on Heroku to talk to the Geckoboard HTTPS REST API (at https://push.geckoboard.com/v1/send) I needed to add the file .jdk-overlay/jre/lib/security/cacerts that I copied from my local Java installation (it's under $JAVA_HOME). Apparently it's due to licensing issues that Heroku can't include the necessary certificates in their Java installation. For more, see Customizing the JDK at the Heroku dev center.

Here is an example REPL session that reproduces the problem:

(require '[clj-http.client :as client])
(client/post "https://push.geckoboard.com/v1/send" {:body "some body here"})
SunCertPathBuilderException unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.build (SunCertPathBuilder.java:145)