Error Log:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (JDK 1.7)
java.lang.RuntimeException: Could not generate DH keypair. (JDK 1.6)
Problem:
JRE running the ChemoLIMS has the expired SSL certificate in its keystore.
Solution:
Update the JRE keystore file with the valid SSL certificate for JDK. Applicable to JDK/JRE 1.7 and above.
If the JDK version is below 1.7, upgrade to JDK 1.7 (ChemoLIMS) or JDK 1.8 (ChemoLIMS CNX)
Steps to fix the issue:
- Get the .crt file. eg “fomemamy.crt“
- Run command prompt as Administrator
- Locate the <JRE_HOME>\bin directory
- Execute
keytool -list -keystore ..\lib\security\cacerts
- Check number of certificates available. eg “Your keystore contains 88 entries“
- Execute
keytool -import -alias fomemamy -keystore ..\lib\security\cacerts -file d:\fomemamy.crt
- Repeat the step no. 4 and check number of certificates available. eg “Your keystore contains 89 entries“
- Restart the chemolims application server (tomcat)
If prompt for password, the default password should be : ‘changeit’
Reference:
https://www.java-samples.com/showtutorial.php?tutorialid=210
