Issue:
We've surfaced an issue while Automatically registering or using our newly issued/renewed license in old/upgraded server. The below error is encountered when we try to start the Adeptia Kernel and Adeptia Webrunner. This issue will come with both of our products Adeptia Connect and Adeptia Integration Suite.
2020-06-04 02:37:35 javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: validity check failed:
License server cannot be reached
Cause:
This issue is coming due to some bundled root certificates in the cacerts of Adeptia application. These certificates got expired on 30th May 2020 after which this issue started coming.
A 'root' certificate is generally expected to mean a certificate which is self-signed (the same Subject and Issuer), but is also included by a vendor in a trusted root store.
There are 3 root certificates we're generally talking about (5 if you include the ECC variants of COMODO CA and USERTRUST, which we haven't included here):
• AddTrust External CA Root:
Uses sha1WithRSAEncryption. Expires in May of 2020.
• USERTrust RSA CA:
Uses sha384WithRSAEncryption. Expires in Jan 2038.
• COMODO RSA CA:
Uses sha384WithRSAEncryption. Expires in Jan 2038.
For more details follow this link : https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rgSZ
Resolution:
To solve this issue please find the attached certificates and import these certificates in the application keystore (cacerts). Please follow below steps to resolve this issue:
- Stop the application.
- Download and extract the attached certificates and place them on the server location.
- Traverse to location ".\AdeptiaConnect-3.2\ConnectServer\jre\bin" or ".\AdeptiaSuite6.x\AdeptiaServer\jre\bin" and run Keytool.exe in command prompt.
keytool -import -file "<<path_to_Certificate_file>>" -keystore ".\AdeptiaConnect-3.2\ConnectServer\AdeptiaServer\ServerKernel\etc\truststore\cacerts" -alias <<Alias Name>> -storepass "changeit"
- Start the application after Importing both the certificates.
Below is the example of the command that has to be executed for certificate 1199354.crt :
keytool -import -file "E:\certificates\1199354.crt" -keystore "D:\Adeptia Connect\AdeptiaConnect-3.2\ConnectServer\AdeptiaServer\ServerKernel\etc\truststore\cacerts" -alias "USERTrust RSA Certification Authority" -storepass "changeit"
Below is the example of the command that has to be executed for certificate 1720081.crt :
keytool -import -file "E:\certificates\1720081.crt" -keystore "D:\Adeptia Connect\AdeptiaConnect-3.2\ConnectServer\AdeptiaServer\ServerKernel\etc\truststore\cacerts" -alias "COMODO RSA Certification Authority" -storepass "changeit"
Comments
0 comments
Article is closed for comments.